Skip to Content
IntegrationsGitAzure DevOps

Azure DevOps

Our Azure DevOps integration collects metadata about your organization’s activity across repositories, pull requests, and deployments. We never read, transmit, or store source code. Sensitive data, such as branch names and pull request titles, are always encrypted.

Permissions

We request only the necessary permissions to analyze Git metadata. Below is a description of the scopes requested when connecting to Azure DevOps:

  • Build: Read access to build artifacts, including build results
  • Code: Read access to source code and metadata about commits, changesets, branches, and other version control artifacts
  • Code (status): Ability to read and write commit and pull request status
  • Member Entitlement Manager: Read access to users
  • Project and Team: Read access to projects and teams
  • Release: Read access to release artifacts

You can learn more about scopes for Azure DevOps in Microsoft’s documentation .

Connecting Azure DevOps

There are two primary methods to connect your Azure DevOps organization.

Important

You must be an Entra admin or able to install Microsoft Entra enterprise applications. If you do not have permissions, you may need to request approval before you can install our application. You must have access to a “Service Account” dedicated to installing Azure DevOps apps (if preferred over using a personal account).

Option 1: Connect Using a Personal Account

This method is the simplest and fastest way to get started. It uses the personal credentials of an existing user in Azure DevOps to establish the connection.

The user who connects should have “Project Collection Administrator” or “Organization Owner” permissions in order to provide access to all the repositories in your organization.

A disadvantage of this approach is that the connection is linked to an individual’s account. If that user leaves the company or their permissions are changed, the integration will break and must be re-established by another owner.

Create an account

Sign up for a Software.com account .

Connect to Azure DevOps

If you have not yet connected a Git provider, you can connect to Azure DevOps by clicking the Azure DevOps icon on the Connect Git page. You can also navigate to Settings, then Connected Apps to view available integrations.

Sign in and authorize

Sign in to Azure DevOps using your personal Azure DevOps account. Authorize Software.com to access your Azure DevOps organization. Once authorized, we will start backfilling your historical data.

Option 2: Connect as a “Service Account”

This method involves creating a dedicated user account in your Azure DevOps organization (e.g., svc-software-com@yourcompany.com ) solely for this integration.

In this setup, the integration is not tied to an individual person, so it will not break due to personnel changes; however, it will consume an extra paid user license in Azure DevOps.

Create a new user account

Create a new user account in your Microsoft Entra ID or Active Directory that is connected to your Azure DevOps organization.

  • Add the user to your Azure DevOps organization:
  • Navigate to Organization Settings > Users and click Add users.
  • Add the new service account user (e.g., svc-software-com@yourcompany.com ).
  • Set the Access level to “Basic”. This will consume one license.

Grant Administrator permissions

Navigate to Organization Settings > Permissions.

  • Select the Project Collection Service Accounts group.
  • Click the Members tab, then Add, and add the new service account user to this group.

Connect in Software.com

Complete the same steps as in Option #1, but use the credentials of this newly created service account to establish the connection when connecting ADO.

Steps to Approve a Request (Entra Admin) in Azure AD

Note

Once approved, the user who initially tried to connect Azure DevOps can repeat the same steps in Option #1 or Option #2 to connect Azure DevOps to Software.com.

If your organization requires Admin approval to install Enterprise Apps into Azure AD, follow these instructions to approve the application.

  1. Sign in to the Azure Portal  with your Azure AD administrator credentials. You will need to have at least a Cloud Application Administrator role to review and act on these requests.
  2. Navigate to Azure Active Directory in the left-hand navigation pane.
  3. In the left-hand navigation pane, go to Identity > Applications > Enterprise applications.
  4. Under the Activity section, select Admin consent requests.
  5. Select the Software.com application from the list of pending requests.
  6. Go to the Review permissions and consent tab.
  7. Click Grant Admin Consent to approve the request.

Once approved, all users who requested the app will be notified, and the application will be available for use by all users in the tenant unless you have configured it to require user assignment.

Last updated on
IntegrationsBitbucket