Authorize other services to access Azure DevOps

Azure DevOps Services

You can grant other services access to Azure DevOps using the OAuth 2.0 framework. This secure authorization allows services to access resources like work items, source code, and build results. When authorizing a service, use your Microsoft account (for example, me@live.com) or your work account (for example, me@my-workplace.com). The authorized service doesn't have access to your Azure DevOps credentials, and you can revoke authorizations as needed.

Authorize a service

A typical authorization flow might be similar to the following example:

  1. When you're using a service that relies on Azure DevOps resources, the service requests authorization.

  2. If you're not already signed in, Azure DevOps prompts you to enter your credentials.

    Screenshot of the Visual Studio sign in prompt.

  3. After signing in, you get the authorization approval page.

    Screenshot of Accept or Deny buttons for authorization of the application.

    A service can only request full access through the REST APIs, so the authorization request may not be specific.

  4. Review the request and approve the authorization.

    The authorized service can access resources within your Azure DevOps organization.

  5. To confirm that an authorization request is legitimate, check the following:

    • Check for the Azure DevOps branding at the top of the approval page.
    • Ensure the approval page URL starts with https://app.vssps.visualstudio.com/.
    • Be alert for any HTTPS-related security warnings in your browser.
    • Remember that services don't directly ask for your credentials; they rely on the authorization approval page provided by Azure DevOps.
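
The URL check from step 5, as an added example (not Microsoft's code): it parses the address instead of comparing text, and contrasts that with a prefix comparison that drops the trailing slash. The function names and all sample URLs are constructed; hosts ending in `.example` are placeholders.

```javascript
// Added example, not Microsoft's code. The expected host is the one the page gives;
// every sample URL below is constructed, and *.example hosts are placeholders.
const EXPECTED_HOST = "app.vssps.visualstudio.com";

function checkApprovalUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser: lowercases scheme/host, splits off userinfo
  } catch {
    return { ok: false, reason: "not a parseable absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "scheme is not https" };
  }
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo before the host" };
  }
  if (url.hostname !== EXPECTED_HOST) {
    return { ok: false, reason: "unexpected host " + url.hostname };
  }
  if (url.port !== "") {
    return { ok: false, reason: "non-default port " + url.port };
  }
  return { ok: true, reason: "origin matches" };
}

// Text comparison with the trailing slash dropped, shown only for contrast.
function sloppyPrefixCheck(raw) {
  return raw.startsWith("https://" + EXPECTED_HOST);
}

// Constructed sample addresses.
const SAMPLES = [
  "https://app.vssps.visualstudio.com/approve?state=1",
  "HTTPS://APP.VSSPS.VISUALSTUDIO.COM/approve",
  "http://app.vssps.visualstudio.com/approve",
  "https://app.vssps.visualstudio.com.signin.example/approve",
  "https://app.vssps.visualstudio.com@signin.example/approve",
  "https://app.vssps.visualstudio.com:8443/approve",
];

for (const s of SAMPLES) {
  const r = checkApprovalUrl(s);
  console.log(`${r.ok ? "OK  " : "FAIL"} sloppy=${sloppyPrefixCheck(s)} ${s} (${r.reason})`);
}
```

The fourth, fifth and sixth samples pass the slash-less text comparison but fail the parsed check, which is why the trailing slash in the prefix above is part of the test.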

Manage authorizations

Review the services that you granted authorization to access your organization.

  1. Sign in to your organization (https://dev.azure.com/{yourorganization}).

  2. Select User settings > Profile.

  3. Select Authorizations.

    Screenshot of profile settings with Authorizations selected.

  4. To revoke an authorization so the service can't access your organization on your behalf, select Revoke > Revoke.

    Screenshot showing highlighted Revoke trash can for selection.

Next steps