Azure AD Sync with Azure DevOps

Question

I've successfully connected my Azure DevOps organization with my Azure AD Tenant. Authentication works ok (only users from my tenant can log in) but I can't see any groups from my Azure AD on Azure DevOps level (it is like 5 days after I've done the connection) so my question is how to fore sync between Azure Ad and Azure DevOps? My goal is to have one group on Azure AD (where I would add people responsible for dev-ops stuff) and add this group to Azure DevOps.

I will be very grateful for any help or pointers on how to solve this.

Answer 1

As of March-2024, there is direct way to do this:

1. On Azure DevOps as Admin, Go to Organisation Settings > General > Microsoft Entra.
2. Click on Connect Directory Button
3. Select the Tenant and click connect.

Warning: Please ensure that you are member on tenant you connect to else might lose acess to the Azure Organisation.

Answer 2

This sounds very familiar to my issue I was having, which I posted a similar answer to on this stack overflow question.

Essentially you cannot see/search Azure AD users or groups as a Guest user - are you a Guest user in this Azure AD?

If you are a guest user you will need to convert yourself to a Member rather than Guest.

My solution was to

• Download the AzureAD powershell module
  • Install-Module AzureAD
• Connect to my AzureAD instance
  • Connect-AzureAD -TenantId [your tenant id]
• Update the user
  • Set-AzureADUser -ObjectId [User object id] -UserType Member

Once I logged out and in again (clearing my cookies) - tadaa! All my Azure AD groups/users were visible to me in the add screens of my DevOps organization.

Answer 3

In my opinion to fore sync between Azure Ad and Azure DevOps you can create group in azure AD and then add that to the built in groups which are already there in the AD. The azure devops permissions comes in sync that way. "Azure AD group members inherit permissions from the Azure DevOps group, so you don't have to manage group members one at a time."