Organization management overview

Azure DevOps Services

With an organization in Azure DevOps Services, you can do the following tasks:

  • Collaborate: Work with team members to develop applications using our cloud service.
  • Plan and track: Manage your work, track code defects, and address issues efficiently.
  • Use continuous integration and deployment: Set up automated builds and deployments to streamline your development process.
  • Integrate: Connect with other services using service hooks for seamless workflows.
  • Enhance: Access other features and extensions to extend the capabilities of Azure DevOps.
  • Organize: Create one or more projects to segment and manage your work effectively.

By using these capabilities, you can enhance your development process and improve collaboration within your team.

Note

If you're just getting started, see Get started managing your organization. For information about managing an on-premises Azure DevOps Server, see Administrative tasks quick reference.

Prerequisites

To effectively manage an organization, ensure the following tasks are complete:

Organization:

Connect to your organization

Once you create your organization, you can connect to your projects with tools like Xcode, Eclipse, or Visual Studio, and then add code to your project.

Some clients, like Xcode, Git, and NuGet, require basic credentials (a username and password) to access Azure DevOps. To connect these clients to Azure DevOps, look into the available authentication methods and choose the method that best fits your security and workflow requirements.

Manage access to your organization

Manage access to your organization by adding users. Manage use of features and tasks with access levels and permissions for each user.

You can add and assign an access level to users one-by-one, which is referred to as Direct assignment. You can also set up one or more Group rules and add and assign access levels to groups of users.

Access, access level, and permissions

Understand the following key definitions when managing your user base in Azure DevOps:

  • Access: Indicates that a user can sign into your organization and, at a minimum, view information about your organization. Access is the basic level of interaction a user can have with your Azure DevOps environment.
  • Access levels: Manage access to specific web portal features. Access levels allow administrators to grant users access to the features they need while only paying for those features. For example, users with Basic access can contribute to projects, while users with Stakeholder access can only view and provide feedback.
  • Permissions: Permissions provide or restrict users from completing specific tasks, which are granted through security groups. Permissions control which actions users can perform within the organization, such as creating projects, editing work items, or managing repositories. By assigning users to different security groups, you can tailor their permissions to match their roles and responsibilities.

For an overview of default assignments, see Default permissions and access for Azure DevOps.

Direct assignment

If you don't manage your user base with Microsoft Entra ID, as described in the next section, then you can add users through the following ways:

  • Add users to your organization: Go to Organization settings > Users. Only organization owners or members of the Project Collection Administrator group can add users at this level. Specify the access level and the project the user gets added to. For more information, see Add users to your organization or project.

  • Add users to a team: Go to Project > Summary to add users to one or more teams. Or, go to Project settings > Teams > Team to add users to a specific team. Members of the Project Collection Administrator or Project Administrator groups, or a team administrator, can add users to teams.

    Screenshot shows Web portal, Project Overview page, Invite new users dialog box.

    Unless users are granted an access level directly or through a group rule, they get assigned the best available access level. If there are no more free Basic slots available, the user gets added with Stakeholder access. You can change the access level later via the Organization settings > Users page.

Tip

If you need more than the free users and services included with your organization, set up billing for your organization. This allows you to pay for additional users with Basic access, purchase more services, and acquire extensions for your organization.

For more information about adding users to your organization, see the following articles:

Microsoft Entra ID

If you manage your users with Microsoft Entra ID, you can connect your organization to Microsoft Entra ID and manage access through it. If you already use Microsoft Entra ID, authenticate access to Azure DevOps Services using your directory.

To add users through Microsoft Entra ID, do the following tasks:

  1. Connect your organization to Microsoft Entra ID
  2. Add organization users to your Microsoft Entra ID
  3. Add a Microsoft Entra group to an Azure DevOps group
  4. Create bulk assignments of access levels for users or define group rules and assign access levels

Group rules

A best practice for managing users is to use security groups. You can utilize default security groups, create custom security groups, or reference Microsoft Entra groups. These groups allow you to add and manage user access levels using group rules. For more information, see Add a group rule to assign access levels and extensions.

Other organization management tasks