--- id: locations title: Azure DevOps Locations sidebar_label: Locations # prettier-ignore description: Integrating source code stored in Azure DevOps into the Backstage catalog --- The Azure DevOps integration supports loading catalog entities from Azure DevOps. Entities can be added to [static catalog configuration](../../features/software-catalog/configuration.md), or registered with the [catalog-import](https://github.com/backstage/backstage/tree/master/plugins/catalog-import) plugin. Using a service principal: ```yaml integrations: azure: - host: dev.azure.com credentials: - clientId: ${AZURE_CLIENT_ID} clientSecret: ${AZURE_CLIENT_SECRET} tenantId: ${AZURE_TENANT_ID} ``` Using a managed identity: ```yaml integrations: azure: - host: dev.azure.com credentials: - clientId: ${AZURE_CLIENT_ID} ``` Using a personal access token (PAT): ```yaml integrations: azure: - host: dev.azure.com credentials: - personalAccessToken: ${PERSONAL_ACCESS_TOKEN} ``` You can use specific credentials for different Azure DevOps organizations by specifying the `organizations` field on the credential: ```yaml integrations: azure: - host: dev.azure.com credentials: - organizations: - my-org - my-other-org clientId: ${AZURE_CLIENT_ID} clientSecret: ${AZURE_CLIENT_SECRET} tenantId: ${AZURE_TENANT_ID} - organizations: - another-org clientId: ${AZURE_CLIENT_ID} - organizations: - yet-another-org personalAccessToken: ${PERSONAL_ACCESS_TOKEN} ``` If you do not specify the `organizations` field the credential will be used for all organizations for which no other credential is configured. > Note: An Azure DevOps provider is added automatically at startup for > convenience, so you only need to list it if you want to supply a > [personalAccessToken](https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate), > a [service principal](https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/service-principal-managed-identity), > or a [managed identity](https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/service-principal-managed-identity) The configuration is a structure with these elements: - `credentials`: (optional): A service principal, managed identity, or personal access token The `credentials` element is a structure with these elements: - `organizations`: (optional): A list of organizations for which this credential should be used. If not specified the credential will be used for all organizations for which no other credential is configured. - `clientId`: The client ID of the service principal or managed identity (required for service principal and managed identities) - `clientSecret`: The client secret of the service principal (required for service principal) - `tenantId`: The tenant ID of the service principal (required for service principal) - `personalAccessToken`: The personal access token (required for personal access token) > Note: > > - You cannot use a service principal or managed identity for Azure DevOps Server (on-premises) organizations > - You can only use a service principal or managed identity for Microsoft Entra ID (formerly Azure Active Directory) backed Azure DevOps organizations > - You can only specify one credential per host without any organizations specified > - The personal access token should just be provided as the raw token generated by Azure DevOps using the format `raw_token` with no base64 encoding. Formatting and base64'ing is handled by dependent libraries handling the Azure DevOps API