Manage your organization or collection
TFS 2018
After you create an organization or project collection, you'll want to add contributors and configure policies, settings, and other options available to you. This article provides an overview of tasks to ensure you set up your organization or collection to get maximal use of your services.
When you install Azure DevOps Server, you automatically create a default collection. If you need to create another project collection, see Manage project collections.
Note
This article provides an overview of tasks that require membership in the Project Collection Administrators group. For information on tasks performed by members of a Project Administrators group, see Manage your project.
Add users to your organization
For large enterprises, the recommended method to manage Azure DevOps users, is to connect Azure DevOps to Active Directory (AD) and manage user access through security groups defined in AD. That way, when you add and remove users or groups from AD, you automatically add and remove these same users and groups from Azure DevOps. Typically, you should install Active Directory before installing Azure DevOps. You limit the maintenance of managing permissions and user access.
For small and large enterprises, you add users to a server instance through the web portal Access levels interface. All users added to the server instance can be added to one or more projects defined within the project collection(s) defined in the server instance.
When you add users, you specify their access level, which determines the features they can use through the web portal. For more information, review these resources:
- Get started with permissions, access, and security groups
- About access levels
- Add users or groups to an access level
- Install Active Directory Domain Services (Level 100)
Note
Even if you add a user or group to an access level, you must also add them to a project for them to connect to a project and access features available through a supported client or the web portal.
Manage security and permissions
Permissions and security groups control access to select tasks.
The following table lists the permissions assigned at the organization or collection-level. All of these permissions, except for the Make requests on behalf of others permission, are granted to members of the Project Collection Administrators group. For a description of each permission, see Permissions and groups reference, Groups.
General
- Alter trace settings
- Create new projects
- Delete team project
- Edit instance-level information
- View instance-level information
Service Account
- Make requests on behalf of others
- Trigger events
- View system synchronization information
Boards
- Delete field from organization or account
Repos (TFVC)
- Administer shelved changes
- Administer workspaces
- Create a workspace
Pipelines
- Administer build resource permissions
- Manage build resources
- Use build resources
- View build resources Test Plans
- Manage test controllers
For more information about security and setting permissions at the collection-level, review the following articles:
- Get started with permissions, access, and security groups
- Change permissions at the organization or collection-level.
Add members to the Project Collection Administrators group
The person who creates a project collection is automatically added as a member to the Project Collection Administrators group. Members of this group have permissions to manage the settings, policies, and processes for the organization. Members can also create and manage all projects defined in the organization, and install and manage extensions.
It's always a good idea to have more than one person who has administrative privileges. To add a user to this group, see Change permissions at the organization level,Add members to the Project Collection Administrators group.
Manage extensions
An extension is an installable unit that adds new capabilities to your projects. Azure DevOps extensions support the following functions:
- Planning and tracking of work items, sprints, scrums, and so on
- Build and release flows
- Code testing and tracking
- Collaboration among team members
For example, to support code search, install the Code Search extension.
You want to tell your users about extensions and that they can request an extension. To install and manage extensions, you must be an organization Owner, a member of the Project Collection Administrators group. Or, you can get added to the Manager role for extensions.
Install Code Search
Code Search is a free Marketplace extension that lets you search across all your source repositories. For more information, see Install and configure Search.
Configure DevOps settings
Use the following settings, which get defined at the organization-level, to support your work.
- Add agent pools
- Define pipeline retention settings
- Define repository settings:
Customize work-tracking processes
All work-tracking tools are available immediately after you create a project. Often, one or more users might want to customize the experience to meet one or more business needs. But, you might want to establish a methodology for who manages the updates and evaluates requests.
For more information, see On-premises XML process model.
Review and update notifications
Many notifications are predefined at the organization or collection level. You can manage subscriptions or add new subscriptions.
Configure an SMTP server
For team members to receive notifications, you must configure an SMTP server.
Scale your organization or collection
To learn about scaling your organization, see the following articles.