Authorize other services to access Azure DevOps
Azure DevOps Services
Important
This article applies to Azure DevOps OAuth authorizations. Azure DevOps OAuth is slated for deprecation in 2026. Learn more in our blog post.
You can grant other services access to Azure DevOps using the OAuth 2.0 framework. This secure authorization allows services to access resources like work items, source code, and build results. When authorizing a service, use your Microsoft account (for example, [email protected]
) or your work account (for example, [email protected]
). The authorized service doesn't have access to your Azure DevOps credentials, and you can revoke authorizations as needed.
Prerequisites
- Permissions:
- Be a member of the Project Administrators group.
- The service has the Contributor role, or a custom role with similar permissions, on the resources it needs to access.
- Service compatibility: The service you intend to authorize supports OAuth 2.0 integration with Azure DevOps.
Authorize a service
A typical authorization flow might be similar to the following example:
When you're using a service that relies on Azure DevOps resources, the service requests authorization.
If you're not already signed in, Azure DevOps prompts you to enter your credentials.
After signing in, you get the authorization approval page.
A service can only request full access through the REST APIs, so the authorization request might not be specific.
Review the request and approve the authorization.
The authorized service can access resources within your Azure DevOps organization.
To ensure an authorization request is legitimate, do the following actions:
- Check for the Azure DevOps branding at the top of the approval page.
- Ensure the approval page URL starts with
https://app.vssps.visualstudio.com/
. - Be alert for any HTTPS-related security warnings in your browser.
- Remember that services don't directly ask for your credentials; they rely on the authorization approval page provided by Azure DevOps.
Manage authorizations
Review the services that you granted authorization to access your organization.
Sign in to your organization (
https://dev.azure.com/{yourorganization}
).Select User settings > Profile.
Select Authorizations.
To revoke an authorization so the service can't access your organization on your behalf, select Revoke > Revoke.