Introduction
When managing any IT infrastructure, you want to rely on as much automation as possible. As you probably know, you can integrate Azure DevOps with Azure Active Directory. The next step would be to ensure that you do not need to do any manual tasks in terms of adding/removing users from Azure DevOps. Which is something you can do with Group Rules. So for today, let us go through a brief setup of how we can achieve that all users from a given Azure Active Directory (AAD) group get automatically added upon login to a given access level in Azure DevOps.
What are we going to do?
The thing we want to achieve it the following outcome ;
A user got added by a group rule and not “Direct”-ly (manual). We want to choose which access level this user gets by default too.
Let us make it real!
In AAD, I have created a group called “ADO_StakeHolder”.
Which has four users ;
And my Azure DevOps (ADO) organization is linked to the same AAD ;
Now let us go to “Users” and then to “Group Rules” ;
Click “Add Group rule” ;
And I am going to add the group I just created and give it a default access level. Yes, in the screenshot I selected Basic instead of my group indicating Stakeholder… Dang! But you get the idea, right? Anyhow, the group will be “processed” (evaluated), and we are good to go. You will see nothing changing in the user lists…
Until after the user logged in for the first time. Then the user gets added, and the administrator sees that the source was “Group Rule”.
Closing Thoughts
The odd thing was that till now I had not played around with the group rules yet. So big shoutout to Mike for giving me the golden tip on how to achieve this! 😉
Karim Vaes 