Set up Azure DevOps
Add Managed Identity in an Azure DevOps organization
Add the managed identity to your organization. To do this, you need to be a Project Collection Administrator (PCA), or a Project Administrator or Team Administrator when the "Allow team and project administrators to invite new users" policy is enabled. If you're a PCA, you can also grant a service principal access to specific projects and assign a license. If you're not a PCA, you must ask the PCA to update any project memberships or license access levels.
- In the Azure portal search bar, type "Managed Applications".
  - Find the one for Azure2Git and click on it.
  - Go to Parameters and Outputs and find the name of the managed identity that you have to add to your Azure DevOps organization.
- In Azure DevOps, go to Organization settings > Users.
  - Click the "Add users" button.
  - Type in the name of the managed identity you found in the first step, select it, select the projects it should have access to, and click Add.
Sometimes this step fails on the first try but works on the second try. This is a known issue in Azure DevOps.
After your service principals are added to the organization, you can treat them similarly to standard user accounts. You can assign permissions directly on a service principal, add it to security groups and teams, assign it to any access level, and remove it from the organization.