Organization management overview

Azure DevOps Services

With an organization, you gain access to Azure DevOps Services, where you can do the following tasks:

  • Collaborate with others to develop applications by using our cloud service
  • Plan and track your work and code defects and issues
  • Set up continuous integration and deployment
  • Integrate with other services by using service hooks
  • Obtain more features and extensions
  • Create one or more projects to segment work

Note

If you're just getting started, see Get started managing your organization. For information about managing an on-premises Azure DevOps Server, see Administrative tasks quick reference.

Prerequisites

Before you can manage an organization, do the following tasks:

Connect to your organization

Once you've created your organization, you can connect to your projects with tools like Xcode, Eclipse, or Visual Studio, and then add code to your project.

Some clients, like Xcode, Git, and NuGet, require basic credentials (a username and password) to access Azure DevOps. To connect these clients to Azure DevOps, create personal access tokens (PATs) to authenticate your identity. Then, you can use a credential manager to create, store, and secure your tokens. This way, you don't have to reenter them every time you make updates. Or, if you don't want to use a credential manager, you can create PATs manually.

Manage access to your organization

Manage access to your organization by adding users. Manage use of features and tasks with access levels and permissions for each user.

You can add and assign an access level to users one-by-one, which is referred to as Direct assignment. You can also set up one or more Group rules and add and assign access levels to groups of users.

Access, access level, and permissions

Understand the following three key definitions when you manage your user base:

  • Access indicates a user can sign into your organization, and at a minimum view information about your organization.
  • Access levels grant or restrict access to select web portal features. Access levels enable administrators to provide their user base access to the features they need and only pay for those features.
  • Permissions, granted through security groups, provide and restrict users from completing specific tasks.

For an overview of default assignments, see Default permissions and access for Azure DevOps.

Direct assignment

If you don't manage your user base with Microsoft Entra ID, as described in the next section, then you can add users through the following ways:

  • Add users to your organization from the Organization settings > Users page. Only organization owners or members of the Project Collection Administration group can add users at this level. Specify the access level and the project(s) the user gets added to. For more information, see Add users to your organization or project.

  • Add users to one or more teams from the Project > Summary page or to a specific team from the Project settings > Teams > Team page. Members of the Project Collection Administration or Project Administration groups, or a team administrator can add users to teams.

    Web portal, Project Overview page, Invite new users dialog box

    Unless users get granted an access level directly or through a group rule, they're assigned the best available access level. If there are no more free Basic slots available, then the user is added as a Stakeholder. The access level can be changed later through the Organization settings > Users page.

Tip

If you need more than the free users and services included with your organization, set up billing for your organization. You can then pay for more users with Basic access, buy more services, and purchase extensions for your organization.

For more information about adding users to your organization, see the following articles:

Microsoft Entra ID

If you manage your users with Microsoft Entra ID, you can connect your organization to Microsoft Entra ID and manage access through Microsoft Entra ID. If you already use Microsoft Entra ID, use your directory to authenticate access to Azure DevOps Services.

Do the following tasks, to add users through Microsoft Entra ID:

  1. Connect your organization to Microsoft Entra ID. If you need to set up Microsoft Entra ID, do that now.
  2. Go to Microsoft Entra ID and sign in with your organization account.
  3. Add organization users to your Microsoft Entra ID.
  4. Add a Microsoft Entra group to an Azure DevOps group.
  5. Create bulk assignments of access levels for users, or define group rules and assign access levels.

Group rules

A best practice is to manage users through security groups. You can use the default security groups, create custom security groups, or reference Microsoft Entra groups. You can use any of these groups to add and manage user access levels using group rules. For more information, see Add a group rule to assign access levels and extensions.

Other organization management tasks