Access with Azure Active Directory groups
Azure DevOps Services
Do you want an easier way to control who can access your team's critical resources and key business assets in Azure DevOps Services? If you already use Microsoft services like Office 365 or Azure Active Directory (Azure AD), you can use the same identities with your organization. Azure AD works with your organization to control access and authenticate users.
When you organize directory members with Azure AD groups, you can reuse those groups to manage permissions in bulk for your organization. Just add those groups to the group that you want. For example, add them to built-in groups like Project Collection Administrators or Contributors, or manually created groups like your project management team. Azure AD group members inherit permissions from the Azure DevOps group, so you don't have to manage group members one at a time.
Not familiar with Azure AD, but want to check it out? Learn more about Azure AD benefits and differences in how you control organization access with Microsoft accounts or with Azure AD.
- Your organization must be connected to Azure Active Directory. My organization uses Microsoft accounts only. Can I switch to Azure AD?. Learn how to connect your organization to Azure AD.
- You must be a Project Administrator, Project Collection Administrator, or organization Owner. You must also have at least Basic access, not Stakeholder.
- To create and manage Azure AD groups, you need Azure AD administrator permissions or have the directory administrator delegate those permissions to you in the Azure portal.
- Be aware that Azure AD changes might take up to 24 hours to be visible in Azure DevOps.
Add an Azure AD group to an Azure DevOps group
Sign in to your organization (
Go to Organization settings.
Choose Security, select the group you want to add a member to, select Members, and then select Add.
Add groups, and then save your changes.
You invite guests into Azure AD and into your Azure AD-backed organizations, without waiting for them to accept. This invitation allows you to add those guests to your organization, grant access to projects, assign extensions, and more.
Add more users or groups, or save your changes if you're done.