Register an agent using a personal access token (PAT)
Specify PAT for authentication type during agent configuration to use a personal access token to authenticate during agent registration, then specify a personal access token (PAT) with Agent Pools (read, manage) scope (or Deployment group (read, manage) scope for a deployment group agent) can be used for agent registration.
A single PAT can be used for registering multiple agents, the PAT is used only at the time of registering the agent, and not for subsequent communication.
To use a PAT with Azure DevOps Server, your server must be configured with HTTPS. See Web site settings and security.
Create a personal access token for agent registration
- Sign in with the user account you plan to use in your Azure DevOps Server web portal (
https://{your-server}/DefaultCollection/
).
- Sign in with the user account you plan to use in your Azure DevOps organization (
https://dev.azure.com/{Your_Organization}
).
From your home page, open your profile. Go to your security details.
Create a personal access token.
Note
If you are configuring a deployment group agent, or if you see an error when registering a VM environment resource, you must set the PAT scope to All accessible organizations.
From your home page, open your user settings, and then select Personal access tokens.
For the scope select Agent Pools (read, manage) and make sure all the other boxes are cleared. If it's a deployment group agent, for the scope select Deployment group (read, manage) and make sure all the other boxes are cleared.
Select Show all scopes at the bottom of the Create a new personal access token window window to see the complete list of scopes.
Copy the token. You'll use this token when you configure the agent.
Note
When using PAT as the authentication method, the PAT token is used only for the initial configuration of the agent. Learn more at Communication with Azure Pipelines or TFS.