Partager via


Register an agent using a personal access token (PAT)

Specify PAT for authentication type during agent configuration to use a personal access token to authenticate during agent registration, then specify a personal access token (PAT) with Agent Pools (read, manage) scope (or Deployment group (read, manage) scope for a deployment group agent) can be used for agent registration.

A single PAT can be used for registering multiple agents, the PAT is used only at the time of registering the agent, and not for subsequent communication.

To use a PAT with Azure DevOps Server, your server must be configured with HTTPS. See Web site settings and security.

Create a personal access token for agent registration

  1. Sign in with the user account you plan to use in your Team Foundation Server web portal (https://{your-server}:8080/tfs/).

  2. From your home page, open your profile. Go to your security details.

    Screenshot of security details in Azure DevOps Server.

  3. Create a personal access token.

    Screenshot of creating a personal access token in Azure DevOps Server.

    Note

    If you are configuring a deployment group agent, or if you see an error when registering a VM environment resource, you must set the PAT scope to All accessible organizations. Screenshot of setting PAT scope to all accessible organizations.

  4. For the scope select Agent Pools (read, manage) and make sure all the other boxes are cleared. If it's a deployment group agent, for the scope select Deployment group (read, manage) and make sure all the other boxes are cleared.

    Select Show all scopes at the bottom of the Create a new personal access token window window to see the complete list of scopes.

  5. Copy the token. You'll use this token when you configure the agent.

Note

When using PAT as the authentication method, the PAT token is used only for the initial configuration of the agent. Learn more at Communication with Azure Pipelines or TFS.

Next steps