Implementing OAuth 2.0 Client Credentials Flow for Azure DevOps Integration

Edit online

Setting up Targetprocess Integration Profile

  1. Go to the Targetprocess settings and open Integrations in the left side menu.
  2. Click +Add on the Azure DevOps profile.
  3. Enter the Azure DevOps organization URL.
  4. Choose OAuth 2.0 Client Credentials in the Select authentication method.
  5. Enter the fields to set up OAuth 2.0 flow. If there was using Microsoft Entra as a provider, enter the following fields:
    • Client ID: Application (client) ID
    • Client Secret: Client secret generated for the application in the Microsoft Entra
    • Authorization Service URL: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token, where {tenantId} is the Directory (tenant) ID from Microsoft Entra for the registered application.
    • Scopes: 499b84ac-1321-427f-aa17-267ca6975798/.default

    This is a hardcoded scoped to request access to Azure DevOps. This GUID is always the same for Azure DevOps.

Registering APP in Microsoft Entra

  1. Go to Microsoft Entra and click Identity -> Applications -> App registrations.
  2. Click + New registration and complete in the application information. Leave the Redirect URI field as is.
  3. Open the newly registered application page and go to Certificates & secrets in the left side menu.
  4. Select Client secrets tab and click + New client secret. Fill in the necessary fields and store the generated client secret, as it will be used for the integration profile setup in Targetprocess.
  5. Go to API permissions in the left side menu and add the following list of permissions for Azure DevOps: vso.identity, vso.work, vso.build, vso.code, vso.profile, vso.project, vso.work_write.
  6. Return to the Overview tab in the left side menu and store the following information needed to set up the integration profile in Targetprocess: Directory (tenant) ID, Application (client) ID, and Client Secret from step 4.

Configure Azure DevOps

  1. Click Organization settings and open the Users tab in the left side menu.
  2. Click Add users and select service principal for the application that is registered previously in the Microsoft Entra.
  3. Assign the selected service principal to the projects to synchronize with Targetprocess.
    Note: Make sure that you assign the service principal to the project administrators group to make synchronization works correctly.