Azure DevOps
Overview
Arnica integrates directly with your Azure DevOps application to help secure the development environment while identifying risks in real time, alerting your team and assisting with remediation actions. The integration is configurable: it can be provisioned at the org level or given access to specified projects only, in order to extract the necessary data and take remediation actions.
Ensure service account continuity
Create a dedicated application user
It is suggested that your integration leverage a dedicated application user for access to ensure proper provisioning and access persistence.
According to Microsoft’s authentication guidance, Arnica’s Azure DevOps application shall be authorized via OAuth2 only.
While it is good practice to log in to services such as Azure DevOps via a Service Principal, Microsoft does not support this functionality at this point. An interactive user is therefore required to authorize the access via the Authorization Code Flow.
Prerequisites
Control access in Azure DevOps
To configure the permissions of the Application User, follow the steps below for each Azure DevOps organization:
1. Click on Organization Settings at the bottom left side of the main Azure DevOps page.
2. Navigate to the Users page and click on Add Users.
3. Find your Application User, select a Basic access level, and click on Add.
4. Navigate to the Security menu on the left side of the page, click on Permissions, then click on the Users tab.
5. Locate the Application User created in step 3, and click on it.
6. Navigate to the "Member of" tab and add the user to Project Collection Service Accounts.
Enable 3rd party application access
1. Click on Organization Settings at the bottom left side of the main Azure DevOps page.
2. Navigate to the Security menu on the left side of the page, and click on Policies.
3. Under Application connection policies, enable Third-party application via OAuth.

Perform the Integration
1. Head back to Arnica's Integrations page.
2. Locate Azure DevOps and click Connect.
3. You will then be redirected to a consent page. Click Accept.
4. You will then be redirected to Arnica.

If the integration was successful, you should see the Azure DevOps integration under the Existing Integrations section.
