Organization management overview
Azure DevOps Services
With an organization, you gain access to Azure DevOps Services, where you can do the following tasks:
- Collaborate with others to develop applications by using our cloud service
- Plan and track your work and code defects and issues
- Set up continuous integration and deployment
- Integrate with other services by using service hooks
- Obtain more features and extensions
- Create one or more projects to segment work
Note
If you're just getting started, see Get started managing your organization. For information about managing an on-premises Azure DevOps Server, see Administrative tasks quick reference.
Prerequisites
Before you can manage an organization, do the following tasks:
- Plan your organizational structure in Azure DevOps Services.
- Create your organization and invite others, so they have access.
Connect to your organization
Once you've created your organization, you can connect to your projects with tools like Xcode, Eclipse, or Visual Studio, and then add code to your project.
Some clients, like Xcode, Git, and NuGet, require basic credentials (a username and password) to access Azure DevOps. To connect these clients to Azure DevOps, create personal access tokens (PATs) to authenticate your identity. Then, you can use a credential manager to create, store, and secure your tokens. This way, you don't have to reenter them every time you make updates. Or, if you don't want to use a credential manager, you can create PATs manually.
Manage access to your organization
Manage access to your organization by adding users. Manage use of features and tasks with access levels and permissions for each user.
You can add and assign an access level to users one-by-one, which is referred to as Direct assignment. You can also set up one or more Group rules and add and assign access levels to groups of users.
Access, access level, and permissions
Understand the following three key definitions when you manage your user base:
- Access indicates a user can sign into your organization, and at a minimum view information about your organization.
- Access levels manage access to specific web portal features. Access levels enable administrators to provide their user base access to the features they need and only pay for those features.
- Permissions, granted through security groups, provide and restrict users from completing specific tasks.
For an overview of default assignments, see Default permissions and access for Azure DevOps.
Direct assignment
If you don't manage your user base with Microsoft Entra ID, as described in the next section, then you can add users through the following ways:
Add users to your organization from the Organization settings > Users page. Only organization owners or members of the Project Collection Administration group can add users at this level. Specify the access level and the project(s) the user gets added to. For more information, see Add users to your organization or project.
Add users to one or more teams from the Project > Summary page or to a specific team from the Project settings > Teams > Team page. Members of the Project Collection Administration or Project Administration groups, or a team administrator can add users to teams.
Unless users get granted an access level directly or through a group rule, they're assigned the best available access level. If there are no more free Basic slots available, then the user is added as a Stakeholder. The access level can be changed later through the Organization settings > Users page.
Tip
If you need more than the free users and services included with your organization, set up billing for your organization. You can then pay for more users with Basic access, buy more services, and purchase extensions for your organization.
For more information about adding users to your organization, see the following articles:
Microsoft Entra ID
If you manage your users with Microsoft Entra ID, you can connect your organization to Microsoft Entra ID and manage access through Microsoft Entra ID. If you already use Microsoft Entra ID, use your directory to authenticate access to Azure DevOps Services.
Do the following tasks, to add users through Microsoft Entra ID:
- Connect your organization to Microsoft Entra ID. If you need to set up Microsoft Entra ID, do that now.
- Go to Microsoft Entra ID and sign in with your organization account.
- Add organization users to your Microsoft Entra ID.
- Add a Microsoft Entra group to an Azure DevOps group.
- Create bulk assignments of access levels for users, or define group rules and assign access levels.
Group rules
A best practice is to manage users through security groups. You can use the default security groups, create custom security groups, or reference Microsoft Entra groups. You can use any of these groups to add and manage user access levels using group rules. For more information, see Add a group rule to assign access levels and extensions.
Other organization management tasks
Manage access
- Add external users
- Link work accounts to Visual Studio subscriptions
- Remove users
- Change app access policies
- Authenticate with PATs
- Revoke user PATs
Manage Microsoft Entra ID access
- Remove Azure DevOps users
- Disconnect from Microsoft Entra ID
- Change your Microsoft Entra tenant connection
- Restrict organization creation with tenant policy
- About accessing your organization with Microsoft Entra ID
Manage group-based licensing
Manage organization settings
- Change organization owner
- Rename organization
- Delete an organization
- Recover a deleted organization
- Change location (region)
- Add privacy policy URL
- Change time zone
Manage extensions
Related articles
- About access levels
- Default permissions and access
- Change project-level permissions
- Change project collection-level permissions
- Add a user as a team administrator
- About using Microsoft Entra ID to authenticate access to Azure DevOps Services
- Troubleshoot permissions and access with Microsoft Entra ID