Edit

Share via


Use Git Credential Manager to authenticate to Azure Repos

Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019

Visual Studio 2019 | Visual Studio 2022

Git Credential Manager simplifies authentication with your Azure Repos Git repositories. Credential managers let you use the same credentials that you use for the Azure DevOps web portal, supporting secure authentication through Microsoft account or Microsoft Entra ID with built-in multifactor authentication. Git Credential Manager also supports two-factor authentication with GitHub repositories.

Authentication options

Git Credential Manager supports multiple authentication methods, with Microsoft Entra ID tokens being the recommended approach for enhanced security:

  • Microsoft Entra ID tokens (recommended): Provides enhanced security with shorter token lifespans and better integration with organizational policies.
  • Microsoft account authentication: Personal Microsoft accounts with multifactor authentication support.
  • Personal Access Tokens: Available as an alternative, though we recommend using Microsoft Entra ID tokens when possible.

IDE integration

Azure Repos provides IDE support for Microsoft account and Microsoft Entra authentication through the following clients:

If your environment doesn't have an integration available, you can configure your IDE with Microsoft Entra ID tokens (recommended), Personal Access Tokens, or SSH to connect to your repositories.

Important

We recommend the more secure Microsoft Entra tokens over higher-risk personal access tokens. Learn more about our efforts to reduce PAT usage. Review our authentication guidance to choose the right authentication mechanism for your needs.

Install Git Credential Manager

Windows

Download and run the latest Git for Windows installer, which includes Git Credential Manager. Make sure to enable the Git Credential Manager installation option.

Screenshot shows selection, Enable Git Credential Manager during Git for Windows install.

macOS and Linux

You can use SSH keys to authenticate to Azure Repos, or use Git Credential Manager.

Installation instructions are included in the GitHub repository for GCM. On Mac, we recommend using Homebrew. On Linux, you can install from a .deb or a tarball.

Using the Git Credential Manager

When you connect to a Git repository from your Git client for the first time, the credential manager prompts for credentials. Provide your Microsoft account or Microsoft Entra credentials. If your account has multifactor authentication enabled, the credential manager prompts you to go through that process as well.

Git Credential Manager prompting during Git pull

Once authenticated, the credential manager creates and caches a token for future connections to the repo. Git commands that connect to this account don't prompt for user credentials until the token expires. A token can be revoked through Azure Repos.

By default, GCM can request different types of authentication tokens from Azure Repos. You can configure the default Git authentication to use Microsoft Entra ID tokens, which provide enhanced security through OAuth protocols. We recommend this approach for better security and integration with organizational policies. Learn more about using GCM with Azure Repos.

git config --global credential.azreposCredentialType oauth

Use service principal as authentication

You can also provide a service principal for authentication with GCM. Specify the client and tenant IDs of a service principal in this format: {tenantId}/{clientId}.

git config --global credential.azreposServicePrincipal "11111111-1111-1111-1111-111111111111/22222222-2222-2222-2222-222222222222"

You must also set at least one authentication mechanism if you set this value:

Get help

You can open and report issues with Git Credential Manager on the project GitHub.