Authorize other services to access your VSTS account
When you use a service that's integrated with VSTS, we use the industry-standard OAuth 2.0 authorization framework to provide safe, secure access to your resources by those other services. With OAuth, you grant a service the authorization to access your VSTS resources such as work items, source code, build results.
Authorizations are bound to your credentials, so the service can use the authorization to access resources in any VSTS account that you have access to.
Use your Microsoft account (like
email@example.com) or your work account (your account in Azure AD - like
firstname.lastname@example.org) to authorize the service.
The service that you authorize never has access to your VSTS credentials.
Revoke any authorizations that you've granted to other services.
Authorize a service
A typical authorization flow might go like this:
You're using a service that uses VSTS resources, so the service requests authorization from VSTS.
If you're not already signed in, VSTS will prompt you for your credentials.
After you've signed in, you get the VSTS authorization approval page.
At this point in time, services can only request full access to all of the resources that are available to you through the REST APIs, so don't be surprised that the authorization request is not more specific.
You review the request and approve the authorization.
The authorized service uses that authorization to access resources in your Visual Studio account.
To ensure an authorization request is legitimate:
Look for the VSTS branding across the top of the authorization approval page.
Ensure the authorization approval page URL begins with
Pay attention to any HTTPS-related security warnings in your browser.
Remember that other services do not ask for your credentials directly. They let you provide them to VSTS through the VSTS authorization approval page.
To see the services that you've authorized to access your account, go to https://app.vssps.visualstudio.com/Profile/View and follow the Manage applications link.
You can revoke any authorizations here and the service will no longer be able to access your account on your behalf.