Skip to content

Latest commit

 

History

History
190 lines (115 loc) · 9.6 KB

add-ad-aad-built-in-security-groups.md

File metadata and controls

190 lines (115 loc) · 9.6 KB
title titleSuffix description ms.subservice ms.assetid ms.author author ms.topic monikerRange ms.date
Add Active Directory / Microsoft Entra groups to security groups
Azure DevOps
Manage large groups of users by adding Active Directory / Microsoft Entra groups to built-in security groups
azure-devops-security
chcomley
chcomley
tutorial
<= azure-devops
03/23/2023

Add Active Directory / Microsoft Entra users or groups to a built-in security group

[!INCLUDE version-lt-eq-azure-devops]

As described in About security, authentication, and authorization, there are two main types of built-in security groups: project-level and collection-level. In general, you add users and groups to a project-level group such as Contributors and Readers. For users that need to administrate select features and functions, add them or associated groups to the Build Administrators or Project Administrators groups.

Review Default permissions and access to gain insight into the default permissions provided to the built-in, project-level security groups.

::: moniker range="azure-devops"

Learn how to do the following task:

[!div class="checklist"]

  • Add a Microsoft Entra user or group to a built-in security group

::: moniker-end

::: moniker range="< azure-devops"

Learn how to do the following task:

[!div class="checklist"]

  • Add an Active Directory user or group to a built-in security group

::: moniker-end

The method for adding a user or group to a built-in security group is the same, no matter at what level you add them.

::: moniker range="azure-devops"

Note

If the Limit user visibility and collaboration to specific projects preview feature is enabled for the organization, users added to the Project-Scoped Users group won't be able to access projects that they haven't been added to. For more information, see Manage your organization, Limit user visibility for projects and more.

[!INCLUDE project-scoped-users-warning]

::: moniker-end

::: moniker range="azure-devops"

Add Microsoft Entra user or group to a built-in security group

Important

If you're adding a user to Azure DevOps for the first time, see Add users for Azure DevOps. To manage the permissions of a Microsoft Entra group in Azure DevOps, you must first add the Microsoft Entra group to a built-in security group. Once you complete this task, you can then manage your Microsoft Entra group permissions throughout Azure DevOps.

Note

To enable the Project Permissions Settings Page preview page, see Enable preview features.

Preview page

  1. Open the web portal and choose the project where you want to add users or groups. To choose another project, see Switch project, repository, team.

  2. Choose Project settings, and then Permissions.

    Choose Project settings, and then Permissions

  3. Open Security and under the Groups section, choose one of the following actions:

    • To add users who require read-only access to the project, choose Readers.
    • To add users who need to contribute fully to the project or who have been granted Stakeholder access, choose Contributors.
    • For users who need to administrate the project, choose Project Administrators.

  4. Next, choose the Members tab.

    Here we choose the Contributors group.

    [!div class="mx-imgBorder"]
    Admin context, Security page, Contributors group, Membership page

    By default, the default team group and all other teams you add to the project are included as members of the Contributors group. So, you can choose to add a new user as a member of a team instead, and the user would automatically inherit Contributor permissions.

  5. Choose :::image type="icon" source="../../media/icons/add-light-icon.png" border="false":::Add to add a user or a user group.

  6. Enter the name of the user into the text box. You can enter several identities into the text box, separated by commas. The system automatically searches for matches. Choose the match(es) that meets your choice.

    Add users and group dialog

    [!NOTE] The first time you add a user or group, you can't browse to it or check the friendly name. After the identity has been added, you can just enter the friendly name.

Current page

  1. Open the web portal and choose the project where you want to add users or groups. To choose another project, see Switch project, repository, team.

  2. Choose Project Settings, and then Security.

    Project Settings>Security

  3. Open Security and under the Groups section, choose one of the following actions:

    • To add users who require read-only access to the project, choose Readers.
    • To add users who need to contribute fully to the project or who have been granted Stakeholder access, choose Contributors.
    • For users who need to administrate the project, choose Project Administrators.

  4. Next, choose the Members tab.

    Here we choose the Contributors group.

    [!div class="mx-imgBorder"]
    Admin context, Security page, Contributors group, Membership page

    By default, the default team group and all other teams you add to the project are included as members of the Contributors group. So, you can choose to add a new user as a member of a team instead, and the user would automatically inherit Contributor permissions.

  5. Choose :::image type="icon" source="../../media/icons/add-light-icon.png" border="false":::Add to add a user or a user group.

  6. Enter the name of the user into the text box. You can enter several identities into the text box, separated by commas. The system automatically searches for matches. Choose the match(es) that meets your choice.

    Add users and group dialog

    [!NOTE] The first time you add a user or group, you can't browse to it or check the friendly name. After the identity has been added, you can just enter the friendly name.

::: moniker-end

::: moniker range="< azure-devops"

Add an Active Directory user or group to a built-in security group

::: moniker-end

::: moniker range="= azure-devops-2019 || azure-devops-2020"

  1. Open the web portal and choose the project where you want to add users or groups. To choose another project, see Switch project, repository, team.

  2. Choose Project Settings, and then Security.

    Project Settings>Security

  3. Open Security and under the Groups section, choose one of the following actions:

    • To add users who require read-only access to the project, choose Readers.
    • To add users who need to contribute fully to the project or who have been granted Stakeholder access, choose Contributors.
    • For users who need to administrate the project, choose Project Administrators.

  4. Next, choose the Members tab.

    Here we choose the Contributors group.

    [!div class="mx-imgBorder"]
    Admin context, Security page, Contributors group, Membership page

    By default, the default team group and all other teams you add to the project are included as members of the Contributors group. So, you can choose to add a new user as a member of a team instead, and the user would automatically inherit Contributor permissions.

  5. Choose :::image type="icon" source="../../media/icons/add-light-icon.png" border="false":::Add to add a user or a user group.

  6. Enter the name of the user into the text box. You can enter several identities into the text box, separated by commas. The system automatically searches for matches. Choose the match(es) that meets your choice.

    Add users and group dialog

    [!NOTE] The first time you add a user or group, you can't browse to it or check the friendly name. After the identity has been added, you can just enter the friendly name.

::: moniker-end

Next steps

[!div class="nextstepaction"] Request an increase in permission levels

Related articles