title: Connect organization to Azure Active Directory
titleSuffix: Azure DevOps Services
ms.custom: seodec18
description: Learn how to connect your organization to your Azure Active Directory
ms.prod: devops
ms.technology: devops-accounts
ms.assetid: 629a48b6-b2ab-4706-8256-d187c8ed5ce7
ms.topic: conceptual
ms.manager: jillfra
ms.author: chcomley
author: chcomley
ms.date: 05/30/2019
monikerRange: azure-devops

Connect your organization to Azure Active Directory

[!INCLUDE version-vsts-only]

Connect your Azure DevOps organization to Azure Active Directory (Azure AD) so you can sign in with the same username and password that you use with Microsoft services. You can easily find and add members to your Azure DevOps organization who are already a part of your work organization. You can also enforce policies for accessing your team's critical resources and key assets.

For more information about using Azure AD with Azure DevOps, see the conceptual overview.

Prerequisites

  • Ensure you're a Project Collection Administrator or owner of the organization to perform the connection.

  • Ensure that you exist in Azure AD as a member. For more information, see how you can convert an Azure AD guest into a member.

  • Inform users of the upcoming change. There's no downtime during this change, but users are affected. Let them know before you begin that there's a short series of steps to complete. As your company transitions from Microsoft account (MSA) to Azure AD identities, your users' benefits continue with their new identity, as long as their emails match.

  • Delete unwanted users from your organization. For example, you can remove a user who left the company and is no longer an employee.

  • Prepare your mapping list for inviting users to Azure AD.

    1. Sign in to your organization (https://dev.azure.com/{yourorganization}).

    2. Select Organization settings (gear icon).

    3. Select Users.

    4. Compare your Azure DevOps email list with your Azure AD email list. Create an Azure AD email address entry for every user who is in the Azure DevOps organization but not in the Azure AD. For any user you don't create an Azure AD email address for, be prepared to invite that user as a guest to the Azure AD in later steps.
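
The comparison in step 4, as an added example (not part of the original article or any Microsoft tooling): it sorts each Azure DevOps user into existing Azure AD member, existing guest, or missing from the directory. The CSV layouts, column names and addresses are constructed assumptions.

```python
import csv

# Constructed sample exports; the column names are assumptions.
DEVOPS_USERS_CSV = """\
Name,Email
Ana Diaz,ana.diaz@contoso.example
Ben Okafor,Ben.Okafor@Contoso.example
Chloe Martin,chloe.martin@outlook.example
Dev Patel, dev.patel@contoso.example
Eve Lin,eve.lin@partner.example
Ana Diaz,ANA.DIAZ@contoso.example
"""
AAD_USERS_CSV = """\
UserPrincipalName,Mail,UserType
ana.diaz@contoso.example,ana.diaz@contoso.example,Member
ben.okafor@contoso.example,ben.okafor@contoso.example,Member
dev.patel@contoso.example,,Member
eve.lin_partner.example#EXT#@contoso.example,eve.lin@partner.example,Guest
"""

def normalize(email):
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return (email or "").strip().casefold()

def load_directory(aad_csv):
    """Index every directory address (Mail and UPN) by normalized form."""
    directory = {}
    for row in csv.DictReader(aad_csv.splitlines()):
        for field in ("Mail", "UserPrincipalName"):
            address = normalize(row[field])
            if address:
                directory[address] = row["UserType"].strip().lower()
    return directory

def build_mapping(devops_csv, aad_csv):
    """Sort each distinct Azure DevOps user into member, guest or missing."""
    directory = load_directory(aad_csv)
    mapping = {"member": [], "guest": [], "missing": []}
    seen = set()
    for row in csv.DictReader(devops_csv.splitlines()):
        email = normalize(row["Email"])
        if not email or email in seen:
            continue  # skip blank rows and duplicate entries
        seen.add(email)
        mapping.setdefault(directory.get(email, "missing"), []).append(email)
    return mapping

if __name__ == "__main__":
    print(build_mapping(DEVOPS_USERS_CSV, AAD_USERS_CSV))
```

Users in the `missing` list need an Azure AD entry or a guest invitation before their identities can be mapped.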

[!NOTE] Ensure you're using Azure AD Public. Support for Azure AD Government is currently limited.

Connect your organization to Azure AD

  1. Sign in to your organization (https://dev.azure.com/{yourorganization}).

  2. Select Organization settings (gear icon).

  3. Select Azure Active Directory, and then select Connect directory.

  4. Select a directory from the dropdown menu, and then select Connect.

    If you can't find your directory, contact your Azure AD administrator and request that they add you as a member to the Azure AD.

  5. Select Sign out.

    Your organization is now connected to your Azure AD.

  6. Confirm that the process is complete. Sign out, and then open your browser in a private session and sign in to your organization with your Azure AD or work credentials.

  7. If you have disconnected members, sign back in to Azure DevOps and map them to their Azure AD identities or invite them as guests into the Azure AD. See the FAQ for further information.

Inform users of the completed change

When you inform your users of the completed change, include the following tasks for each user in the organization to complete:

  • Clear the cache for the Git Credential Manager if you use Visual Studio or the Git command-line tool. Delete the %LocalAppData%\GitCredentialManager\tenant.cache file on each client machine.

  • Regenerate new personal access tokens. Complete the following steps:

    a. In Azure DevOps, select your profile icon, and then select Security from the resulting dropdown menu.

    b. Select Personal access tokens, and then select New Token.

    c. Complete the form, and then select Create.

    d. When the token is created, copy it, as it can't be viewed again.

  • Request that SSH keys be manually cleared by Support, and then recreate SSH keys. Complete the following steps.

    a. In Azure DevOps, select your profile icon, and then select Security from the resulting dropdown menu.

    b. Select SSH public keys, and then select Add.

    c. Enter a description and key data, and then select Save.

    d. When the token is created, copy it, as it can't be viewed again.

  • Rename your Microsoft account to a different email that doesn't conflict with your Azure AD identity if you don't want to be prompted to choose between accounts.

  • Manage your Visual Studio with MSDN subscription, if you used a Microsoft account to sign up for Azure DevOps. Link work or school accounts to this subscription.

Related articles
