แก้ไข

แชร์ผ่าน


Add an Active Directory / Microsoft Entra group to a built-in security group

Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019

In this article, learn how to manage large user groups by adding Microsoft Entra groups to built-in security groups in Azure DevOps. As outlined in About security, authentication, and authorization, there are two main types of built-in security groups: project-level and collection-level. Typically, you add groups to project-level groups like Contributors and Readers. For more information, see Default permissions and access.

The process for adding a Microsoft Entra group to a built-in security group is the same, no matter the access level at which you add them.

In this article, learn how to manage large user groups by adding Active Directory groups to built-in security groups in Azure DevOps. As outlined in About security, authentication, and authorization, there are two main types of built-in security groups: project-level and collection-level. Typically, you add groups to project-level groups like Contributors and Readers. For more information, see Default permissions and access.

The process for adding an Active Directory group to a built-in security group is the same, no matter the access level at which you add them.

Prerequisites

  • Organization connection: Have your Azure DevOps organization connected to Microsoft Entra ID.
  • Permissions: Be a member of the Project Collection Administrators group in Azure DevOps.
  • Access: Ensure you have at least Basic access in Azure DevOps.

Add Microsoft Entra group to a built-in security group

Note

To enable the Project Permissions Settings Page preview page, see Enable preview features.

  1. Sign in to your project (https://dev.azure.com/{Your_Organization/Your_Project}).

  2. Select Project settings > Permissions.

    Screenshot shows highlighted selections, Project settings and Permissions buttons.

  3. Do one of the following actions:

    • Select Readers to add users who require read-only access to the project.
    • Select Contributors to add users who need full contribution access or Stakeholder access.
    • Select Project Administrators to add users who need administrative access to the project.

    In the following example, we select the Contributors group.

    Screenshot shows highlighted Contributors group selection.

  4. Select Members > Add.

    Screenshot shows highlighted Members tab for Contributors group.

    The default team group and all other teams you add to the project are included as members of the Contributors group. So, you can choose to add a new user as a member of a team instead, and the user automatically inherits Contributor permissions.

  5. Enter the group name into the text box. You can enter multiple identities, separated by commas. The system automatically searches for matches. Select the matching identity or identities that meet your criteria.

    Screenshot shows the Invite members group dialog.

    Note

    The first time you add a group, you can't browse for it or check the friendly name. After adding the identity, you can enter the friendly name directly.


Add an Active Directory group to a built-in security group

  1. Open the web portal and choose the project where you want to add users or groups. To choose another project, see Switch project, repository, team.

  2. Choose Project Settings, and then Security.

    Screenshot of Project Settings>Security selections.

  3. Select Security and under the Groups section, and then do one of the following actions:

    • Select Readers to add users who require read-only access to the project.
    • Select Contributors to add users who need full contribution access or Stakeholder access.
    • Select Project Administrators to add users who need administrative access to the project.
  4. Next, choose the Members tab.

    In the following example, we choose the Contributors group.

    Screenshot showing selection sequence, Admin context, Security page, Contributors group, Membership page.

    The default team group and all other teams you add to the project are included as members of the Contributors group. So, you can choose to add a new user as a member of a team instead, and the user automatically inherits Contributor permissions.

  5. Select Add to add a group.

  6. Enter the group name in the text box. You can enter multiple groups, separated by commas. The system automatically searches for matches. Select the match that meets your criteria.

    Screenshot showing the Add users and group dialog.

    Tip

    The first time you add a group, you can't browse or check the friendly name. After you add the identity, you can enter the friendly name directly.

Next steps