Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Azure DevOps Services | Azure DevOps Server | Azure DevOps Server 2022
To manage large user groups, add Microsoft Entra groups to built-in security groups in Azure DevOps. As outlined in About security, authentication, and authorization, there are two main types of built-in security groups: project-level and collection-level. Typically, you add groups to project-level groups like Contributors and Readers. For more information, see Default permissions and access.
The process for adding a Microsoft Entra group to a built-in security group is the same, no matter the access level at which you add them.
To manage large user groups, add Active Directory groups to built-in security groups in Azure DevOps. As outlined in About security, authentication, and authorization, there are two main types of built-in security groups: project-level and collection-level. Typically, you add groups to project-level groups like Contributors and Readers. For more information, see Default permissions and access.
The process for adding an Active Directory group to a built-in security group is the same, no matter the access level at which you add them.
Prerequisites
| Category | Requirements |
|---|---|
| Permissions | Member of the Project Collection Administrators group. Organization owners are automatically members of this group. |
| Access levels | At least Basic access. |
| Organization connection | Organization connected to Microsoft Entra ID. |
Add Microsoft Entra group to a built-in security group
Sign in to your project (
https://dev.azure.com/{Your_Organization/Your_Project}).Select Project settings > Permissions.
Select one of the following groups:
- Select Readers to add users who need read-only access to the project.
- Select Contributors to add users who need full contribution access or Stakeholder access.
- Select Project Administrators to add users who need administrative access to the project.
In the following example, select the Contributors group.
Select Members > Add.
The Contributors group includes the default team group and all other teams you add to the project as members. So, you can add a new user as a member of a team instead, and the user automatically inherits Contributor permissions.
Enter the group name into the text box. You can enter multiple identities, separated by commas. The system automatically searches for matches. Select the matching identity or identities that meet your criteria.
Note
The first time you add a group, you can't browse for it or check the friendly name. After adding the identity, you can enter the friendly name directly.
Add an Active Directory group to a built-in security group
Open the web portal and choose the project where you want to add users or groups. To choose another project, see Switch project, repository, team.
Choose Project Settings, and then Security.
Under Groups, select one of the following options:
- Select Readers to add users who need read-only access to the project.
- Select Contributors to add users who need full contribution access or Stakeholder access.
- Select Project Administrators to add users who need administrative access to the project.
Next, choose the Members tab.
In the following example, we choose the Contributors group.
The Contributors group includes the default team group and all other teams you add to the project as members. So, you can add a new user as a member of a team instead, and the user automatically inherits Contributor permissions.
Select
Add to add a group.Enter the group name in the text box. You can enter multiple groups, separated by commas. The system automatically searches for matches. Select the match that meets your criteria.
Tip
The first time you add a group, you can't browse or check the friendly name. After you add the identity, you can enter the friendly name directly.
