Azure DevOps
Arnica integrates directly with your Azure DevOps application to help secure the development environment while identifying risks in real time, alerting your team and assisting with remediation actions. Arnica's integration is configurable, allowing org-level provisioning or access to specified projects to extract the necessary data and take remediation actions.
It is suggested that your integration leverage a dedicated application user for access to ensure proper provisioning and access persistence.
According to Microsoft's authentication guidance, Arnica's Azure DevOps application shall be authorized via OAuth2 only.
While it is a good practice to log in via a Service Principal to services such as Azure DevOps, this functionality is not supported by Microsoft at this point. An interactive user is required in this case to authorize the access via the Authorization Code Flow.
To configure the permissions of the Application User, follow the steps below for each Azure DevOps organization:
Click on Organization Settings at the bottom left side of the main Azure DevOps page.
Navigate to the Users page and click on Add Users.
Find your Application User, select a Basic access level, and click on Add.
Navigate to the Permissions menu on the left side of the page and click on Users.
Find the Application User and click on it.
Navigate to the tab "Member of" and add the user to Project Collection Service Accounts.
The permissions above are required for Arnica to provide accurate context and enable real-time security scanning capabilities.
Click on Organization Settings at the bottom left side of the main Azure DevOps page.
Go to the Policies page under the Application Connection Policies category and validate that Third-party application via OAuth is enabled.
Head back to Arnica's Integrations page.
Locate Azure DevOps and click Connect.
You will then be redirected to a consent page. Click Accept.
You will then be redirected to Arnica.
If the integration was successful, you should see the Azure DevOps integration under the Existing Integrations section.