Authorize other services to access Azure DevOps

Azure DevOps Services

Important

This article applies to Azure DevOps OAuth authorizations. Azure DevOps OAuth is slated for deprecation in 2026. Learn more in our blog post.

You can grant other services access to Azure DevOps using the OAuth 2.0 framework. This secure authorization allows services to access resources like work items, source code, and build results. When authorizing a service, use your Microsoft account (for example, me@live.com) or your work account (for example, me@my-workplace.com). The authorized service doesn't have access to your Azure DevOps credentials, and you can revoke authorizations as needed.

Prerequisites

  • Permissions:
    • Be a member of the Project Administrators group.
    • The service has the Contributor role, or a custom role with similar permissions, on the resources it needs to access.
  • Service compatibility: The service you intend to authorize supports OAuth 2.0 integration with Azure DevOps.

Authorize a service

A typical authorization flow might be similar to the following example:

  1. When you're using a service that relies on Azure DevOps resources, the service requests authorization.

  2. If you're not already signed in, Azure DevOps prompts you to enter your credentials.

    Screenshot of the Visual Studio sign in prompt.

  3. After signing in, you get the authorization approval page.

    Screenshot of Accept or Deny buttons for authorization of the application.

    A service can only request full access through the REST APIs, so the authorization request might not be specific.

  4. Review the request and approve the authorization.

    The authorized service can access resources within your Azure DevOps organization.

  5. To ensure an authorization request is legitimate, do the following actions:

    • Check for the Azure DevOps branding at the top of the approval page.
    • Ensure the approval page URL starts with https://app.vssps.visualstudio.com/.
    • Be alert for any HTTPS-related security warnings in your browser.
    • Remember that services don't directly ask for your credentials; they rely on the authorization approval page provided by Azure DevOps.
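
The URL check in step 5 can be made precise by parsing the address instead of comparing it by eye, because a lookalike address can contain the expected text without actually pointing at the expected host. The following JavaScript is an added example, not part of the original article or Microsoft's own code; the function name `checkApprovalUrl` and all sample URLs are constructed for illustration.

```javascript
// Added example: verify that an approval page URL really belongs to the
// origin named in the article. Function name and sample URLs are constructed.
const EXPECTED_ORIGIN = "https://app.vssps.visualstudio.com";

function checkApprovalUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser: lowercases the host, drops default port
  } catch {
    return { ok: false, reason: "not a parseable absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "scheme is not https" };
  }
  // Text before "@" is userinfo, not the host, even if it looks like a host name.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "URL carries userinfo before the host" };
  }
  // origin = scheme + exact host + non-default port; a suffix or look-alike
  // host, or an unexpected port, fails this comparison.
  if (url.origin !== EXPECTED_ORIGIN) {
    return { ok: false, reason: `unexpected origin ${url.origin}` };
  }
  return { ok: true, reason: "origin matches" };
}

// Constructed sample inputs: one genuine-looking address and common lookalikes.
const samples = [
  "https://app.vssps.visualstudio.com/oauth2/authorize?client_id=EXAMPLE",
  "https://APP.VSSPS.VISUALSTUDIO.COM:443/oauth2/authorize",
  "http://app.vssps.visualstudio.com/oauth2/authorize",
  "https://app.vssps.visualstudio.com.login.example/oauth2/authorize",
  "https://app.vssps.visualstudio.com@login.example/oauth2/authorize",
  "https://app-vssps.visualstudio.com/oauth2/authorize",
  "https://app.vssps.visualstudio.com:8443/oauth2/authorize",
];

for (const s of samples) {
  const { ok, reason } = checkApprovalUrl(s);
  console.log(`${ok ? "ACCEPT" : "REJECT"}  ${s}  (${reason})`);
}
```

Only the first two samples are accepted; the rest fail on scheme, host, userinfo, or port even though each contains the expected host name as text.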

Manage authorizations

Review the services that you authorized to access your organization.

  1. Sign in to your organization (https://dev.azure.com/{yourorganization}).

  2. Select User settings > Profile.

  3. Select Authorizations.

    Screenshot of profile settings with Authorizations selected.

  4. To revoke an authorization so the service can't access your organization on your behalf, select Revoke > Revoke.

    Screenshot showing highlighted Revoke trash can for selection.
