Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019
Visual Studio 2019 | Visual Studio 2022
Git Credential Manager simplifies authentication with your Azure Repos Git repositories. Credential managers let you use the same credentials that you use for the Azure DevOps web portal, supporting secure authentication through Microsoft account or Microsoft Entra ID with built-in multifactor authentication. Git Credential Manager also supports two-factor authentication with GitHub repositories.
Authentication options
Git Credential Manager supports multiple authentication methods, with Microsoft Entra ID tokens being the recommended approach for enhanced security:
- Microsoft Entra ID tokens (recommended): Provides enhanced security with shorter token lifespans and better integration with organizational policies.
- Microsoft account authentication: Personal Microsoft accounts with multifactor authentication support.
- Personal Access Tokens: Available as an alternative, though we recommend using Microsoft Entra ID tokens when possible.
IDE integration
Azure Repos provides IDE support for Microsoft account and Microsoft Entra authentication through the following clients:
If your environment doesn't have an integration available, you can configure your IDE with Microsoft Entra ID tokens (recommended), Personal Access Tokens, or SSH to connect to your repositories.
Important
We recommend the more secure Microsoft Entra tokens over higher-risk personal access tokens. Learn more about our efforts to reduce PAT usage. Review our authentication guidance to choose the right authentication mechanism for your needs.
Install Git Credential Manager
Windows
Download and run the latest Git for Windows installer, which includes Git Credential Manager. Make sure to enable the Git Credential Manager installation option.
macOS and Linux
You can use SSH keys to authenticate to Azure Repos, or use Git Credential Manager.
Installation instructions are included in the GitHub repository for GCM. On Mac, we recommend using Homebrew. On Linux, you can install from a .deb or a tarball.
Using the Git Credential Manager
When you connect to a Git repository from your Git client for the first time, the credential manager prompts for credentials. Provide your Microsoft account or Microsoft Entra credentials. If your account has multifactor authentication enabled, the credential manager prompts you to go through that process as well.
Once authenticated, the credential manager creates and caches a token for future connections to the repo. Git commands that connect to this account don't prompt for user credentials until the token expires. A token can be revoked through Azure Repos.
Configure Microsoft Entra ID authentication (recommended)
By default, GCM can request different types of authentication tokens from Azure Repos. You can configure the default Git authentication to use Microsoft Entra ID tokens, which provide enhanced security through OAuth protocols. We recommend this approach for better security and integration with organizational policies. Learn more about using GCM with Azure Repos.
git config --global credential.azreposCredentialType oauth
Use service principal as authentication
You can also provide a service principal for authentication with GCM. Specify the client and tenant IDs of a service principal in this format: {tenantId}/{clientId}
.
git config --global credential.azreposServicePrincipal "11111111-1111-1111-1111-111111111111/22222222-2222-2222-2222-222222222222"
You must also set at least one authentication mechanism if you set this value:
- credential.azreposServicePrincipalSecret
- credential.azreposServicePrincipalCertificateThumbprint
- credential.azreposServicePrincipalCertificateSendX5C
Get help
You can open and report issues with Git Credential Manager on the project GitHub.