Azure DevOps Services

Prerequisites

Before starting the integration, ensure that access to the relevant Azure DevOps organization is available and that the account being used has sufficient permissions to create Personal Access Tokens. These permissions are required to generate the token that will be used by Invicti ASPM during the integration process.

Integration Steps

  1. Sign in to the Azure DevOps organization at Azure DevOps.

  2. From the home page, open User settings and navigate to Personal access tokens.

  3. Select + New Token to start the token creation process.

  4. Define the token details:

    • Provide a descriptive name for the token.
    • Select All accessible organizations. If this option is not selected, the token will fail during the integration process. The organization to use is chosen later, when the integration prompts for it; when the token is created for a specific organization instead, the system still attempts to validate access across all organizations, which results in an error and causes the integration to fail.
    • Choose an appropriate expiration period for the token.
    • Configure the required scopes as follows:
      • Code: Full
      • Work Items: Read, Write & Manage
      • Identity: Read & Manage
      • User Profile: Read & Write

    Alternatively, when a more granular permission model is preferred, the following scopes must be granted:

    • Project & Team: Read, Write & Manage
    • Work Items: Read, Write & Manage

    • Complete the process by creating the token.
  5. Copy and securely store the generated token. For security reasons, the token will not be displayed again after leaving or refreshing the page.

  6. After this step, the process can be continued from the Invicti ASPM UI using the generated token.
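
Before the token is pasted into Invicti ASPM, it can be checked from a terminal. The script below is an added example, not part of the original page or of Invicti ASPM; it assumes the first scope set above (which includes User Profile), and the probe endpoints, the `AZDO_PAT` environment variable and the function names are choices made for this example.

```python
import base64
import json
import os
import urllib.error
import urllib.request

# Account-level probe endpoints (assumption: the page does not name any).
BASE = "https://app.vssps.visualstudio.com/_apis"
PROFILE_URL = BASE + "/profile/profiles/me?api-version=7.1"
ACCOUNTS_URL = BASE + "/accounts?memberId={id}&api-version=7.1"


def auth_header(pat: str) -> str:
    """A PAT is sent as HTTP Basic credentials with an empty user name."""
    return "Basic " + base64.b64encode(f":{pat}".encode()).decode()


def classify(status: int, content_type: str) -> str:
    """Turn a response into a verdict. A rejected PAT may come back as 203 or
    as an HTML sign-in page rather than a clean 401, so check both."""
    ctype = content_type.lower()
    if status == 200 and "json" in ctype:
        return "ok"
    if status in (203, 401) or "html" in ctype:
        return "rejected"
    if status == 403:
        return "forbidden"
    return "unexpected"


def probe(url: str, pat: str):
    """Return (verdict, parsed JSON or None) for one authenticated GET."""
    req = urllib.request.Request(url, headers={"Authorization": auth_header(pat)})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            verdict = classify(resp.status, resp.headers.get("Content-Type", ""))
            return verdict, (json.load(resp) if verdict == "ok" else None)
    except urllib.error.HTTPError as err:
        return classify(err.code, err.headers.get("Content-Type", "")), None


if __name__ == "__main__":
    pat = os.environ["AZDO_PAT"]  # hypothetical variable; never hard-code the token
    verdict, profile = probe(PROFILE_URL, pat)
    print("profile:", verdict)
    if verdict == "ok":
        verdict, accounts = probe(ACCOUNTS_URL.format(id=profile["id"]), pat)
        names = [a["accountName"] for a in accounts["value"]] if accounts else []
        print("organizations:", verdict, names)
```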

Under Advanced Settings, there are specific configuration options for Azure DevOps Services. When these toggles are enabled, the relevant permissions are granted not only to Administrators but also to Team Leads. This allows Team Leads to add their own organizations as new instances, onboard projects through these instances, and manage access to them independently.

If Azure DevOps will also be used as an Issue Manager, the checkbox at the top of the list must be selected as well.