Add an Active Directory / Microsoft Entra group to a built-in security group
Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019
In this article, learn how to manage large user groups by adding Microsoft Entra groups to built-in security groups in Azure DevOps. As outlined in About security, authentication, and authorization, there are two main types of built-in security groups: project-level and collection-level. Typically, you add groups to project-level groups like Contributors and Readers. For more information, see Default permissions and access.
The process for adding a Microsoft Entra group to a built-in security group is the same, no matter the access level at which you add it.
In this article, learn how to manage large user groups by adding Active Directory groups to built-in security groups in Azure DevOps. As outlined in About security, authentication, and authorization, there are two main types of built-in security groups: project-level and collection-level. Typically, you add groups to project-level groups like Contributors and Readers. For more information, see Default permissions and access.
The process for adding an Active Directory group to a built-in security group is the same, no matter the access level at which you add it.
Prerequisites
- Organization connection: Have your Azure DevOps organization connected to Microsoft Entra ID.
- Permissions: Be a member of the Project Collection Administrators group in Azure DevOps.
- Access: Ensure you have at least Basic access in Azure DevOps.
Add Microsoft Entra group to a built-in security group
Note
To enable the Project Permissions Settings Page preview, see Enable preview features.
Sign in to your project (https://dev.azure.com/{Your_Organization/Your_Project}).
Select Project settings > Permissions.
Do one of the following actions:
- Select Readers to add users who require read-only access to the project.
- Select Contributors to add users who need full contribution access or Stakeholder access.
- Select Project Administrators to add users who need administrative access to the project.
In the following example, we select the Contributors group.
Select Members > Add.
The default team group and all other teams you add to the project are included as members of the Contributors group. So, you can choose to add a new user as a member of a team instead, and the user automatically inherits Contributor permissions.
Enter the group name into the text box. You can enter multiple identities, separated by commas. The system automatically searches for matches. Select the matching identity or identities that meet your criteria.
Note
The first time you add a group, you can't browse for it or check the friendly name. After adding the identity, you can enter the friendly name directly.
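The same membership change can be scripted with the Azure CLI azure-devops extension. The following is an added example, not part of the original article: the organization URL, project and group names are supplied by the caller, and it assumes the Microsoft Entra group is already known to the organization (it appears in the organization-scoped group list with origin aad).

```bash
#!/usr/bin/env bash
# Added example, not Microsoft's code. ORG_URL, PROJECT and group names come from the caller.
# Requires: Azure CLI with the azure-devops extension, signed in with an account
# that meets the prerequisites listed above.

# Descriptor of a project-level group, looked up by display name.
builtin_descriptor() {  # ORG_URL PROJECT GROUP_NAME
  az devops security group list --org "$1" --project "$2" --scope project \
    --query "graphGroups[?displayName=='$3'].descriptor | [0]" -o tsv
}

# Descriptor of a Microsoft Entra group (assumption: it is reported with origin 'aad').
entra_descriptor() {  # ORG_URL GROUP_NAME
  az devops security group list --org "$1" --scope organization \
    --query "graphGroups[?displayName=='$2' && origin=='aad'].descriptor | [0]" -o tsv
}

add_entra_group() {  # ORG_URL PROJECT BUILTIN_GROUP ENTRA_GROUP
  case "$3" in  # only the project-level groups this article covers
    Readers|Contributors|"Project Administrators") ;;
    *) echo "unsupported built-in group: $3" >&2; return 2 ;;
  esac
  case "$4" in  # the name is interpolated into a JMESPath string literal
    *"'"*) echo "group name must not contain a single quote" >&2; return 2 ;;
  esac
  target=$(builtin_descriptor "$1" "$2" "$3") || return 1
  member=$(entra_descriptor "$1" "$4") || return 1
  if [ -z "$target" ] || [ -z "$member" ]; then
    echo "group not found (target='$target' member='$member')" >&2; return 1
  fi
  az devops security group membership add --org "$1" \
    --group-id "$target" --member-id "$member" -o none || return 1
  # Verify the result. Assumption: the membership list is a JSON object
  # keyed by member descriptor, so keys(@) yields one descriptor per line.
  az devops security group membership list --org "$1" --id "$target" \
    --relationship members --query "keys(@)" -o tsv | grep -qxF "$member"
}

# Usage: ./add-entra-group.sh https://dev.azure.com/ORG PROJECT Contributors "ENTRA GROUP NAME"
if [ "$#" -eq 4 ]; then add_entra_group "$@"; fi
```

The function returns non-zero when either group cannot be resolved or when the Entra group is not listed as a member afterwards, so it can gate a provisioning pipeline.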
Add an Active Directory group to a built-in security group
Open the web portal and choose the project where you want to add users or groups. To choose another project, see Switch project, repository, team.
Choose Project Settings, and then Security.
Select Security, and under the Groups section, do one of the following actions:
- Select Readers to add users who require read-only access to the project.
- Select Contributors to add users who need full contribution access or Stakeholder access.
- Select Project Administrators to add users who need administrative access to the project.
Next, choose the Members tab.
In the following example, we choose the Contributors group.
The default team group and all other teams you add to the project are included as members of the Contributors group. So, you can choose to add a new user as a member of a team instead, and the user automatically inherits Contributor permissions.
Select Add to add a group.
Enter the group name in the text box. You can enter multiple groups, separated by commas. The system automatically searches for matches. Select the match that meets your criteria.
Tip
The first time you add a group, you can't browse or check the friendly name. After you add the identity, you can enter the friendly name directly.