Organization management overview
Azure DevOps Services
With an organization, you gain access to Azure DevOps Services, where you can do the following tasks:
- Collaborate with others to develop applications by using our cloud service
- Plan and track your work and code defects and issues
- Set up continuous integration and deployment
- Integrate with other services by using service hooks
- Obtain more features and extensions
- Create one or more projects to segment work
Before you can manage an organization, do the following tasks:
- Plan your organizational structure in Azure DevOps Services.
- Create your organization and invite others, so they have access.
Connect to your organization
Once you've created your organization, you can connect to your projects with tools like Xcode, Eclipse, or Visual Studio, and then add code to your project.
Some clients, like Xcode, Git, and NuGet, require basic credentials (a username and password) to access Azure DevOps. To connect these clients to Azure DevOps, create personal access tokens (PATs) to authenticate your identity. Then, you can use a credential manager to create, store, and secure your tokens. This way, you don't have to reenter them every time you make updates. Or, if you don't want to use a credential manager, you can create PATs manually.
Manage access to your organization
Manage access to your organization by adding users. Manage use of features and tasks with access levels and permissions for each user.
Access, access level, and permissions
Understand the following three key definitions when you manage your user base:
- Access indicates a user can sign into your organization, and at a minimum view information about your organization.
- Access levels grant or restrict access to select web portal features. Access levels enable administrators to provide their user base access to the features they need and only pay for those features.
- Permissions, granted through security groups, provide and restrict users from completing specific tasks.
For an overview of default assignments, see Default permissions and access for Azure DevOps.
If you don't manage your user base with Azure AD, as described in the next section, then you can add users through the following ways:
Add users to your organization from the Organization settings > Users page. Only organization owners or members of the Project Collection Administration group can add users at this level. Specify the access level and the project(s) the user gets added to. For more information, see Add users to your organization or project.
Add users to one or more teams from the Project > Summary page or to a specific team from the Project settings > Teams > Team page. Members of the Project Collection Administration or Project Administration groups, or a team administrator can add users to teams.
Unless users get granted an access level directly or through a group rule, they're assigned the best available access level. If there are no more free Basic slots available, then the user is added as a Stakeholder. The access level can be changed later through the Organization settings > Users page.
If you need more than the free users and services included with your organization, set up billing for your organization. You can then pay for more users with Basic access, buy more services, and purchase extensions for your organization.
For more information about adding users to your organization, see the following articles:
If you manage your users with Azure AD, you can connect your organization to Azure AD and manage access through Azure AD. If you already use Azure AD, use your directory to authenticate access to Azure DevOps Services.
Do the following tasks, to add users through Azure AD:
- Connect your organization to Azure AD. If you need to set up Azure AD, do that now.
- Go to Azure AD and sign in with your organization account.
- Add organization users to your Azure AD.
- Add an Azure AD group to an Azure DevOps group.
- Create bulk assignments of access levels for users, or define group rules and assign access levels.
A best practice is to manage users through security groups. You can use the default security groups, create custom security groups, or reference Azure AD groups. You can use any of these groups to add and manage user access levels using group rules. For more information, see Add a group rule to assign access levels and extensions.
Other organization management tasks
- Add external users
- Link work accounts to Visual Studio subscriptions
- Remove users
- Change app access policies
- Authenticate with PATs
- Revoke user PATs
Manage Azure AD access
- Remove Azure DevOps users
- Disconnect from Azure AD
- Change your Azure AD tenant connection
- Restrict organization creation with tenant policy
- About accessing your organization with Azure AD
Manage group-based licensing
Manage organization settings
- Change organization owner
- Rename organization
- Delete an organization
- Recover a deleted organization
- Change location (region)
- Change time zone