az devops security group

Manage security groups.

Commands

az devops security group create Create a new Azure DevOps group.
az devops security group delete Delete an Azure DevOps group.
az devops security group list List all the groups in a project or organization.
az devops security group membership Manage memberships for security groups.
az devops security group membership add Add membership.
az devops security group membership list List memberships for a group or user.
az devops security group membership remove Remove membership.
az devops security group show Show group details.
az devops security group update Update name AND/OR description for an Azure DevOps group.

az devops security group create

Create a new Azure DevOps group.

az devops security group create [--description]
[--detect {false, true}]
[--email-id]
[--groups]
[--name]
[--org]
[--origin-id]
[--project]
[--scope {organization, project}]

Examples

Create an Azure DevOps Group with name and description

az devops security group create --name 'Some group name'
--description 'Something to describe this group'

Add an existing AAD group to an Azure DevOps group

Get object ID of an existing AAD group
az ad group show -g '{Group Name}'
az devops security group create --origin-id '{Object ID}' --groups 'vssgp.someDescriptorForGroup'

Add an existing AAD group to an Azure DevOps group with AAD group Email ID

az devops security group create --email-id '{Email ID of AAD group}'
--groups 'vssgp.someDescriptorForGroup'

Create a new Azure DevOps group and add it to existing Azure DevOps groups.

az devops security group create --name 'Some group name'
--groups 'vssgp.someDescriptorForGroupOne,vssgp.someDescriptorForGroupTwo'

Optional Parameters

--description

Description of Azure DevOps group.

--detect

Automatically detect organization.

accepted values: false, true
--email-id

Create new group using the mail address as a reference to an existing group from an external AD or AAD backed provider. Required if name or origin-id is missing.

--groups

A comma separated list of descriptors referencing groups you want the newly created group to join.

--name

Name of Azure DevOps group.

--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

--origin-id

Create new group using the OriginID as a reference to an existing group from an external AD or AAD backed provider. Required if name or email-id is missing.

--project -p

Name or ID of the project in which Azure DevOps group should be created.

--scope

Create group at project or organization level.

accepted values: organization, project
default value: project

az devops security group delete

Delete an Azure DevOps group.

az devops security group delete --id
[--detect {false, true}]
[--org]
[--yes]

Required Parameters

--id

Descriptor of the group.

Optional Parameters

--detect

Automatically detect organization.

accepted values: false, true
--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

--yes -y

Do not prompt for confirmation.

az devops security group list

List all the groups in a project or organization.

az devops security group list [--continuation-token]
[--detect {false, true}]
[--org]
[--project]
[--scope {organization, project}]
[--subject-types]

Optional Parameters

--continuation-token

If there are more results that can't be returned in a single page, the result set will contain a continuation token for retrieval of the next set of results.

--detect

Automatically detect organization.

accepted values: false, true
--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

--project -p

List groups for a particular project.

--scope

List groups at project or organization level.

accepted values: organization, project
default value: project
--subject-types

A comma separated list of user subject subtypes to reduce the retrieved results. You can give initial part of descriptor [before the dot] as a filter e.g. vssgp,aadgp.

az devops security group show

Show group details.

az devops security group show --id
[--detect {false, true}]
[--org]

Required Parameters

--id

Descriptor of the group.

Optional Parameters

--detect

Automatically detect organization.

accepted values: false, true
--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

az devops security group update

Update name AND/OR description for an Azure DevOps group.

az devops security group update --id
[--description]
[--detect {false, true}]
[--name]
[--org]

Required Parameters

--id

Descriptor of the group.

Optional Parameters

--description

New description for Azure DevOps group.

--detect

Automatically detect organization.

accepted values: false, true
--name

New name for Azure DevOps group.

--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.