# Azure DevOps

## Overview

Arnica integrates directly with your Azure DevOps application to help secure the development environment while identifying risks in real time, alerting your team, and assisting with remediation actions. The integration is configurable: it can be provisioned at the organization level or granted access to specified projects only, to extract the [necessary data](https://docs.arnica.io/arnica-documentation/security/data-handling) and take remediation actions.

## Ensure service account continuity <a href="#h_899746cec5" id="h_899746cec5"></a>

### Create a dedicated application user <a href="#h_729a2d46f2" id="h_729a2d46f2"></a>

We suggest that the integration use a dedicated application user for access, to ensure proper provisioning and access persistence.

According to [Microsoft’s authentication guidance](https://docs.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/authentication-guidance?view=azure-devops), Arnica’s Azure DevOps application shall be authorized via OAuth2 only.

While it is good practice to log in to services such as Azure DevOps via a Service Principal, Microsoft does not support this functionality at this point. An interactive user is therefore required to authorize the access via the [Authorization Code Flow](https://docs.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops).

## Prerequisites

### Control access in Azure DevOps <a href="#h_ee192b3a14" id="h_ee192b3a14"></a>

To configure the permissions of the Application User, follow the steps below for each Azure DevOps organization:

1. Click on **Organization Settings** at the bottom left side of the main Azure DevOps page.
2. Navigate to the **Users** page and click on **Add Users**.
3. Find your Application User, select a **Basic** access level, and click on **Add**.

   <div align="center"><figure><img src="https://4035514934-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMxc1Ek3qoIZi5t2Sx7do%2Fuploads%2Fgit-blob-db4fe74b8183fa2ff7deb7fe8c6ba062160c73cc%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure></div>
4. Navigate to the **Security** menu on the left side of the page, click on **Permissions**, then click on the **Users** tab.
5. Locate the Application User created in step 3, and click on it.
6. Navigate to the tab "**Member of**" and add the user to **Project Collection Service Accounts**.

   <div align="center"><figure><img src="https://4035514934-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMxc1Ek3qoIZi5t2Sx7do%2Fuploads%2Fgit-blob-2b84fa3656986ac6f65ad564c1e0eccdd8846b22%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure></div>

{% hint style="info" %}
The permissions above are required for Arnica to provide accurate context and enable real-time security scanning capabilities.
{% endhint %}
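
To confirm that the steps above took effect, the check below evaluates JSON saved from `az devops user show` and `az devops security group membership list --relationship memberof`. It is an added example, not Arnica or Microsoft code; the field names `accessLevel.licenseDisplayName` and `displayName`, the account name, and the sample data are assumptions about that output.

```python
import json

REQUIRED_LICENSE = "Basic"
REQUIRED_GROUP = "Project Collection Service Accounts"

# Constructed sample data (not real output). Assumed to mirror the JSON from:
#   az devops user show --user <upn> --organization <org-url>
#   az devops security group membership list --id <user-descriptor> \
#       --relationship memberof --organization <org-url>
SAMPLE_USER = json.dumps({
    "user": {"principalName": "arnica-svc@example.com"},  # hypothetical account
    "accessLevel": {"licenseDisplayName": "Basic"},
})
SAMPLE_MEMBERSHIPS = json.dumps({
    "vssgp.constructed-1": {"displayName": "Project Collection Service Accounts"},
    "vssgp.constructed-2": {"displayName": "Project Collection Valid Users"},
})


def audit_app_user(user_json, memberships_json):
    """Return a list of findings; an empty list means both prerequisites hold."""
    findings = []
    user = json.loads(user_json)
    name = user.get("user", {}).get("principalName", "<unknown>")

    # Step 3: the Application User must have the Basic access level.
    license_name = user.get("accessLevel", {}).get("licenseDisplayName")
    if license_name != REQUIRED_LICENSE:
        findings.append(
            f"{name}: access level is {license_name!r}, expected {REQUIRED_LICENSE!r}"
        )

    # Step 6: the user must be a member of Project Collection Service Accounts.
    memberships = json.loads(memberships_json) or {}  # tolerate a JSON null
    groups = {g.get("displayName") for g in memberships.values()}
    if REQUIRED_GROUP not in groups:
        findings.append(f"{name}: not a member of {REQUIRED_GROUP!r}")
    return findings


if __name__ == "__main__":
    for line in audit_app_user(SAMPLE_USER, SAMPLE_MEMBERSHIPS) or ["prerequisites met"]:
        print(line)
```

Run it once per Azure DevOps organization, since the permissions are configured separately for each one.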

### Enable 3rd party application access

1. Click on **Organization Settings** at the bottom left side of the main Azure DevOps page.
2. Navigate to the **Security** menu on the left side of the page, and click on **Policies**.
3. Under **Application connection policies**, enable **Third-party application via OAuth**.

<div align="center"><figure><img src="https://4035514934-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMxc1Ek3qoIZi5t2Sx7do%2Fuploads%2Fgit-blob-29820eacc5f2d11d7fccc59fe7f612ac8aea3546%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure></div>

## Perform the Integration

1. Head back to Arnica's [Integrations page](https://app.arnica.io/#/admin/integrations).
2. Locate **Azure DevOps** and click **Connect**.
3. You will then be redirected to a consent page. Click **Accept**:

<figure><img src="https://4035514934-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMxc1Ek3qoIZi5t2Sx7do%2Fuploads%2Fgit-blob-af73bd8a2717a0fcd9c9083ad56676b71024572f%2Fimage.png?alt=media" alt=""><figcaption><p>Azure DevOps Consent Page</p></figcaption></figure>

4. You will then be redirected to Arnica.
5. If the integration was successful, you should see the **Azure DevOps** integration under the **Existing Integrations** section:

<figure><img src="https://4035514934-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMxc1Ek3qoIZi5t2Sx7do%2Fuploads%2Fgit-blob-e3a46e237dc7a95739fbc0d54d39bedafdb002e6%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>
