Skip to content

Files

Latest commit

chcomleychcomley
prerequisites
Nov 27, 2024
6b9138e · Nov 27, 2024

History

History
171 lines (106 loc) · 8.93 KB

add-ad-aad-built-in-security-groups.md

File metadata and controls

171 lines (106 loc) · 8.93 KB
title titleSuffix description ms.subservice ms.assetid ms.author author ms.topic monikerRange ai-usage ms.date
Add Active Directory / Microsoft Entra group to a built-in security group
Azure DevOps
Efficiently manage large user groups by adding Active Directory / Microsoft Entra groups to built-in security groups.
azure-devops-security
chcomley
chcomley
tutorial
<= azure-devops
ai-assisted
08/26/2024

Add an Active Directory / Microsoft Entra group to a built-in security group

[!INCLUDE version-lt-eq-azure-devops]

::: moniker range="azure-devops"

In this article, learn how to manage large user groups by adding Microsoft Entra groups to built-in security groups in Azure DevOps. As outlined in About security, authentication, and authorization, there are two main types of built-in security groups: project-level and collection-level. Typically, you add groups to project-level groups like Contributors and Readers. For more information, see Default permissions and access.

The process for adding a Microsoft Entra group to a built-in security group is the same, no matter the access level at which you add them.

::: moniker-end

::: moniker range=" < azure-devops"

In this article, learn how to manage large user groups by adding Active Directory groups to built-in security groups in Azure DevOps. As outlined in About security, authentication, and authorization, there are two main types of built-in security groups: project-level and collection-level. Typically, you add groups to project-level groups like Contributors and Readers. For more information, see Default permissions and access.

The process for adding an Active Directory group to a built-in security group is the same, no matter the access level at which you add them.

::: moniker-end

::: moniker range="azure-devops"

Prerequisites

  • Organization connection: Have your Azure DevOps organization connected to Microsoft Entra ID.
  • Permissions: Be a member of the Project Collection Administrators group in Azure DevOps.
  • Access: Have at least Basic access in Azure DevOps.

::: moniker-end

::: moniker range="azure-devops"

Add Microsoft Entra group to a built-in security group

Note

To enable the Project Permissions Settings Page preview page, see Enable preview features.

Preview page

  1. Sign in to your project (https://dev.azure.com/{Your_Organization/Your_Project}).

  2. Select Project settings > Permissions.

    [!div class="mx-imgBorder"] Screenshot shows highlighted selections, Project settings and Permissions buttons.

  3. Do one of the following actions:

    • Select Readers to add users who require read-only access to the project.
    • Select Contributors to add users who need full contribution access or Stakeholder access.
    • Select Project Administrators to add users who need administrative access to the project.

    In the following example, we select the Contributors group.

    [!div class="mx-imgBorder"]
    Screenshot shows highlighted Contributors group selection.

  4. Select Members > Add.

    [!div class="mx-imgBorder"]
    Screenshot shows highlighted Members tab for Contributors group.

    The default team group and all other teams you add to the project are included as members of the Contributors group. So, you can choose to add a new user as a member of a team instead, and the user automatically inherits Contributor permissions.

  5. Enter the group name into the text box. You can enter multiple identities, separated by commas. The system automatically searches for matches. Select the matching identity or identities that meet your criteria.

    [!div class="mx-imgBorder"] Screenshot shows the Invite members group dialog.

    [!NOTE] The first time you add a group, you can't browse for it or check the friendly name. After adding the identity, you can enter the friendly name directly.

Current page

  1. Sign in to your project (https://dev.azure.com/{Your_Organization/Your_Project}).

  2. Select Project settings > Security.

    Screenshot show selections, Project settings, Security page.

  3. Do one of the following actions:

    • Select Readers to add users who require read-only access to the project.
    • Select Contributors to add users who need full contribution access or Stakeholder access.
    • Select Project Administrators to add users who need administrative access to the project.

  4. Select Members.

    Here we choose the Contributors group.

    [!div class="mx-imgBorder"]
    Screenshot shows Admin context, Security page, Contributors group, Membership page selections.

    The default team group and all other teams you add to the project are included as members of the Contributors group. So, you can choose to add a new user as a member of a team instead, and the user automatically inherits Contributor permissions.

  5. Choose :::image type="icon" source="../../media/icons/add-light-icon.png" border="false":::Add to add a group.

  6. Enter the name of the user into the text box. You can enter several identities into the text box, separated by commas. The system automatically searches for matches. Choose the match that meets your choice.

    Screenshot showing the Add users and group dialog.

    [!TIP] The first time you add a group, you can't browse or check the friendly name. After you add the identity, you can enter the friendly name directly.

::: moniker-end

::: moniker range="< azure-devops"

Add an Active Directory group to a built-in security group

  1. Open the web portal and choose the project where you want to add users or groups. To choose another project, see Switch project, repository, team.

  2. Choose Project Settings, and then Security.

    Screenshot of Project Settings>Security selections.

  3. Select Security and under the Groups section, and then do one of the following actions:

    • Select Readers to add users who require read-only access to the project.
    • Select Contributors to add users who need full contribution access or Stakeholder access.
    • Select Project Administrators to add users who need administrative access to the project.

  4. Next, choose the Members tab.

    In the following example, we choose the Contributors group.

    [!div class="mx-imgBorder"]
    Screenshot showing selection sequence, Admin context, Security page, Contributors group, Membership page.

    The default team group and all other teams you add to the project are included as members of the Contributors group. So, you can choose to add a new user as a member of a team instead, and the user automatically inherits Contributor permissions.

  5. Select :::image type="icon" source="../../media/icons/add-light-icon.png" border="false":::Add to add a group.

  6. Enter the group name in the text box. You can enter multiple groups, separated by commas. The system automatically searches for matches. Select the match that meets your criteria.

    Screenshot showing the Add users and group dialog.

    [!TIP] The first time you add a group, you can't browse or check the friendly name. After you add the identity, you can enter the friendly name directly.

::: moniker-end

Next steps

[!div class="nextstepaction"] Request an increase in permission levels

Related articles