Required permissions for Azure DevOps user, OAuth app and token

User

The user account used to integrate organizations with Xopero ONE must have the following permissions:

  • Create new projects: Allow

  • View instance-level information: Allow

  • Create process: Allow

  • Create a workspace: Allow

  • View build resources: Allow

If you encounter the "Need admin approval" alert during organization integration, the user you are using does not have sufficient permissions for the configuration of your organization/Microsoft Entra tenant.

If the "Do not allow user consent" option in Identity Settings -> Applications -> Enterprise applications is enabled, you must use a user with "Application Administrator" permissions in the "Identity" section.

OAuth app

The user you use to integrate Azure DevOps with Xopero ONE via OAuth must have an administrator role. Otherwise, you will receive a message about a lack of permissions, or you will not be able to approve the required permissions (the button will be inactive).

During the Azure DevOps integration process via the OAuth app (the default method), you will be asked to grant the following permissions to the Xopero ONE application:

  • Wiki (read and write)

  • Variable Groups (read and create)

  • Work items (read and write)

  • Project and team (read, write and manage)

  • Code (read, write and manage)

  • Build (read and execute)

  • Environment (read and manage)

  • Login and read the profile

Token

You need:

  • Username (not email address)

  • Personal Access Token (PAT): when generating the PAT, select “All accessible organizations” in the Organization field.

If you have multiple Azure DevOps organizations and want to assign only a specific organization to GitProtect rather than adding all of them, use a "service account" (any account created for integration with the GitProtect application). Such a user must have permissions and access only to the organizations and projects that you want to protect.

Permissions:

  • Build: Read & execute

  • Code: Read, write, & manage

  • Environment: Read & manage

  • Project and Team: Read, write, & manage

  • Variable Groups: Read & create

  • Wiki: Read & write

  • Work Items: Read & create
