Skip to content
Connection Guide

Connect Azure DevOps Without Breaking the Audit Trail

Use this guide to connect Azure DevOps or confirm the export-based path that fits your environment. Aurora keeps source, timestamps, ownership, and collection history attached so the first run becomes reusable proof instead of one-off setup work.

Connector Summary
Connection typeDirect connection
CategorySource control
Checklist4 steps
Want help with rollout?
We'll confirm what can be automated, what stays export-based, and how to keep the first evidence record clean.

First-Run Checklist

Use this sequence to connect Azure DevOps and make sure the first collection lands cleanly.

  1. 1
    Create a Microsoft Entra app registration in the same tenant as the Azure DevOps organization and grant client_credentials access for https://app.vssps.visualstudio.com/.default.
  2. 2
    Add the service principal to the Azure DevOps organization and grant read-only project, repository, work item, and audit-log access.
  3. 3
    Store organization, tenant_id, client_id, and client_secret in Aurora and validate project, repository, work-item, and audit-log reads before scheduled sync.
  4. 4
    Keep Azure DevOps Server and PAT-based onboarding out of this runtime path; this manifest is Azure DevOps Services-only.

Credentials and Secrets

The keys, secrets, or tokens Aurora uses to authenticate and collect proof.

client_secret

Recommended Access

Aurora only asks for the minimum read access needed for collection and checks.

Access requirements depend on the collection mode and scope you choose.