Organization management overview

Azure DevOps Services

With an organization in Azure DevOps Services, you can do the following tasks:

• Collaborate: Work with team members to develop applications using our cloud service.
• Plan and track: Manage your work, track code defects, and address issues efficiently.
• Use continuous integration and deployment: Set up automated builds and deployments to streamline your development process.
• Integrate: Connect with other services using service hooks for seamless workflows.
• Enhance: Access other features and extensions to extend the capabilities of Azure DevOps.
• Organize: Create one or more projects to segment and manage your work effectively.

By using these capabilities, you can enhance your development process and improve collaboration within your team.

Note

If you're just getting started, see Get started managing your organization. For information about managing an on-premises Azure DevOps Server, see Administrative tasks quick reference.

Prerequisites

To effectively manage an organization, ensure the following tasks are complete:

Organization:

• Plan your organizational structure in Azure DevOps Services.
• Create your organization and invite team members and grant them access.

Connect to your organization

Once you create your organization, you can connect to your projects with tools like Xcode, Eclipse, or Visual Studio, and then add code to your project.

Some clients, like Xcode, Git, and NuGet, require basic credentials (a username and password) to access Azure DevOps. To connect these clients to Azure DevOps, you can use one of the following methods:

• Personal Access Tokens (PATs): To authenticate your identity, create PATs. You can use a credential manager to create, store, and secure your tokens, so you don't have to reenter them every time you make updates. If you prefer not to use a credential manager, you can create PATs manually.

• OAuth: Use OAuth to generate tokens for accessing Azure DevOps. OAuth tokens provide a more secure and flexible way to authenticate, especially for applications that require access to multiple resources.

• SSH Keys: For Git operations, you can use SSH keys to authenticate. SSH keys provide a secure way to connect to your repositories without needing to enter a username and password.

Choose the method that best fits your security and workflow requirements.

Manage access to your organization

Manage access to your organization by adding users. Manage use of features and tasks with access levels and permissions for each user.

You can add and assign an access level to users one-by-one, which is referred to as Direct assignment. You can also set up one or more Group rules and add and assign access levels to groups of users.

Access, access level, and permissions

Understand the following key definitions when managing your user base in Azure DevOps:

• Access: Indicates that a user can sign into your organization and, at a minimum, view information about your organization. Access is the basic level of interaction a user can have with your Azure DevOps environment.
• Access levels: Manage access to specific web portal features. Access levels allow administrators to grant users access to the features they need while only paying for those features. For example, users with Basic access can contribute to projects, while users with Stakeholder access can only view and provide feedback.
• Permissions: Permissions provide or restrict users from completing specific tasks, which are granted through security groups. Permissions control which actions users can perform within the organization, such as creating projects, editing work items, or managing repositories. By assigning users to different security groups, you can tailor their permissions to match their roles and responsibilities.

For an overview of default assignments, see Default permissions and access for Azure DevOps.

Direct assignment

If you don't manage your user base with Microsoft Entra ID, as described in the next section, then you can add users through the following ways:

• Add users to your organization: Go to Organization settings > Users. Only organization owners or members of the Project Collection Administrator group can add users at this level. Specify the access level and the project the user gets added to. For more information, see Add users to your organization or project.

• Add users to a team: Go to Project > Summary to add users to one or more teams. Or, go to Project settings > Teams > Team to add users to a specific team. Members of the Project Collection Administrator or Project Administrator groups, or a team administrator, can add users to teams.

  

  Unless users are granted an access level directly or through a group rule, they get assigned the best available access level. If there are no more free Basic slots available, the user gets added as a Stakeholder. You can change the access level later via the Organization settings > Users page.

Tip

If you need more than the free users and services included with your organization, set up billing for your organization. This allows you to pay for additional users with Basic access, purchase more services, and acquire extensions for your organization.

For more information about adding users to your organization, see the following articles:

• Add users to your organization
• Add users to a team
• Add users to a project

Microsoft Entra ID

If you manage your users with Microsoft Entra ID, you can connect your organization to Microsoft Entra ID and manage access through it. If you already use Microsoft Entra ID, authenticate access to Azure DevOps Services using your directory.

To add users through Microsoft Entra ID, do the following tasks:

1. Connect your organization to Microsoft Entra ID
2. Add organization users to your Microsoft Entra ID
3. Add a Microsoft Entra group to an Azure DevOps group
4. Create bulk assignments of access levels for users or define group rules and assign access levels

Group rules

A best practice for managing users is to use security groups. You can utilize default security groups, create custom security groups, or reference Microsoft Entra groups. These groups allow you to add and manage user access levels using group rules. For more information, see Add a group rule to assign access levels and extensions.

Other organization management tasks

Manage access

• Add external users
• Link work accounts to Visual Studio subscriptions
• Remove users
• Change app access policies
• Authenticate with PATs
• Revoke user PATs

Manage Microsoft Entra ID access

• Remove Azure DevOps users
• Disconnect from Microsoft Entra ID
• Change your Microsoft Entra tenant connection
• Restrict organization creation with tenant policy
• About accessing your organization with Microsoft Entra ID

Manage group-based licensing

• Add a group rule to assign access levels and extensions

Manage organization settings

• Change organization owner
• Rename organization
• Delete an organization
• Recover a deleted organization
• Change location (region)
• Add privacy policy URL
• Change time zone

Manage extensions

• Install extensions
• Approve requests for extensions
• Uninstall or disable extensions

Manage permissions

• Change project-level permissions
• Change project collection-level permissions
• Add a team admin
• Request an increase in permission levels
• Grant or restrict permissions
• Understand resources granted to project members

Related articles

• Learn about access levels
• Understand default permissions and access
• Change project-level permissions
• Change project collection-level permissions
• Add a user as a team administrator
• Authenticate access to Azure DevOps Services using Microsoft Entra ID
• Troubleshoot permissions and access with Microsoft Entra ID