⚠️ Note: The Azure DevOps integration previously authenticated via Azure DevOps OAuth. This legacy OAuth flow is no longer supported. The integration now uses Microsoft Entra ID for authentication. If you connected Azure DevOps prior to this change, see Relinking existing credentials below.
To link Azure DevOps with Vanta, follow the steps below. The integration supports both read-only and read+write access, and connects to one Azure DevOps organization per credential. Multiple credentials can be added to connect additional organizations.
Prerequisites
Before connecting, confirm you have the following:
Organization Owner access in Azure DevOps
Administrator access in Vanta
A Microsoft account with permission to authorize the connection in your Azure DevOps tenant
If your organization requires admin consent for third-party app registrations, you will need an account with Entra ID admin consent permissions
Permissions
Vanta requests the following permissions based on your chosen access level:
Access level | Permissions |
Read only | Work items (read), Code (read), User entitlements (read) |
Read + write | Work items (read/write), Code (read), User entitlements (read) |
Setup guide
In Vanta, go to the Integrations page, click Add integration, and search for Azure DevOps. For help, see our guide to the Integrations Page.
Click Connect.
A pop-up modal will appear. Choose your access level:
Read only: Vanta can monitor repositories, users, and work items.
Read + write: additionally allows Vanta to create work items in Azure DevOps from within the platform.
(Optional) If your organization uses a specific Microsoft Entra ID tenant, enter your Tenant ID in the provided field. If you are unsure, you can leave this blank and Vanta will authenticate against your primary tenant.
💡 Tip: To find your Tenant ID in the Azure Portal, go to Microsoft Entra ID → Overview.
Select Connect Azure DevOps.
You will be redirected to Microsoft to authorize the connection. Sign in and approve the requested permissions.
⚠️ Note: If your organization requires admin consent for third-party app registrations, you will need an Entra ID admin account to approve the permissions. Contact your IT administrator if you are unable to complete this step.
If multiple Azure DevOps organizations are associated with your account, select the organization you wish to connect from the dropdown.
ℹ️ Note: Each credential connects to one organization. To connect additional organizations, repeat this process to add another credential. To connect successfully, you must have access to all repositories in the selected organization.
Select Link Azure DevOps account to complete the connection.
Depending on the number of resources, it may take some time for them to populate after connecting. You will see a message confirming they are loading — this can be left to run in the background.
Relinking existing credentials
If your Azure DevOps integration was connected before the Entra ID migration, your existing credentials use the legacy OAuth flow, which is no longer supported. To continue using the integration without disruption, you will need to relink your credentials:
Navigate to Integrations and find the Azure DevOps integration.
Click Manage, then Edit.
Follow the connection steps above to re-authenticate via Microsoft Entra ID.
⚠️ Note: You will need an account with admin consent permissions in your Microsoft Entra ID tenant to complete the relink.
Common Issues
No resources visible after scan completes
If no resources appear after the scan has finished, check the following:
Confirm you are the organization owner in Azure DevOps, not just a project admin. Navigate to your Azure DevOps home page and confirm Organization Settings is visible in the sidebar. See Azure's support article for help with account roles.
Ensure the project's Version Control is set to Git. Vanta does not support TFVC at this time.
Unable to complete authentication/consent
Completing the connection requires an account with permission to grant admin consent in your Microsoft Entra ID tenant. If you see a prompt indicating admin approval is required, contact your IT or Entra administrator.
Connecting additional organizations
Each credential connects to one Azure DevOps organization. To monitor multiple organizations, return to the Integrations page, find Azure DevOps, and add a new credential for each additional organization.
Credentials showing as invalid after the migration
If your credentials are flagged as invalid, your connection may be using the legacy OAuth flow. Follow the steps in Relinking existing credentials above to re-authenticate via Entra ID.