Add AD/Azure AD users or groups to a built-in security group

  • Artículo

TFS 2017 | TFS 2015 | TFS 2013

As described in About security, authentication, and authorization, there are two main types of built-in security groups: project-level and collection-level. In general, you add users and groups to a project-level group such as Contributors and Readers. For users that need to administrate select features and functions, add them or associated groups to the Build Administrators or Project Administrators groups.

Review Default permissions and access to gain insight into the default permissions provided to the built-in, project-level security groups.

Learn how to do the following task:

  • Add an Active Directory user or group to a built-in security group

The method for adding a user or group to a built-in security group is the same, no matter at what level you add them.

Add an Active Directory user or group to a built-in security group

  1. Open the web portal and choose the project where you want to add users or groups. To choose another project, see Switch project, repository, team.

  2. Choose the gear icon to open Project Settings.

    Open Project Settings, horizontal nav

  3. Open Security and under the Groups section, choose one of the following actions:

    • To add users who require read-only access to the project, choose Readers.
    • To add users who need to contribute fully to the project or who have been granted Stakeholder access, choose Contributors.
    • For users who need to administrate the project, choose Project Administrators.

  4. Next, choose the Members tab.

    Here we choose the Contributors group.

    Admin context, Security page, Contributors group, Membership page

    By default, the default team group and all other teams you add to the project are included as members of the Contributors group. So, you can choose to add a new user as a member of a team instead, and the user automatically inherits Contributor permissions.

  5. Choose Add to add a user or a user group.

  6. Enter the name of the user into the text box. You can enter several identities into the text box, separated by commas. The system automatically searches for matches. Choose the match(es) that meets your choice.

    Add users and group dialog

    Note

    The first time you add a user or group, you can't browse to it or check the friendly name. After the identity has been added, you can just enter the friendly name.

Next steps

Request an increase in permission levels