# Authorizing Azure DevOps

## Check your Azure DevOps connection

If you have problems connecting TicketLog to Azure DevOps, please review the steps below.

<figure><img src="/files/CEF5g6l1sFlCZbbnpDUG" alt="" width="563"><figcaption></figcaption></figure>

1. Before connecting TicketLog to Azure DevOps:\
   \
   You must choose which Azure DevOps user you would like to act as the **Integration user**. The Integration user's name will appear on all comments, so instead of using a personal account you may prefer to use a dedicated user account (such as *<devops@your-company.com>*).\
   \
   If you decide to use a dedicated account, you must create this account with the proper access privilages (Project Administrator) for your Azure DevOps project. We recommend authorizing the Integration user from the Visual Studio Extension instead of from TicketLog configuration page. See [Azure DevOps extension](/documentation/azure-devops-extension.md#authorize-service-desk) for more information on this method.
2. If you see the error *"Identity {Identity number} has not been materialized, please use interactive login over the browser first"* this means that the user has not completed a first-time sign in to Azure DevOps. Please sign in to Azure DevOps with this user to setup the user's account.
3. Check that the Integration user is a Project Administrator of the target project.
   * Visit **Organization Settings** > **Users**.
   * Find the Integration user and select **Manage User** in the context menu.
   * For the intended project, select *Project Administrators*.<br>

     <figure><img src="/files/1ApFpmeR7aU9yfUIukcN" alt=""><figcaption></figcaption></figure>
4. Check that API access is permitted for your Organization.
   * Visit **Organization Settings** > **Policies**.
   * Ensure *Third-party application access via OAuth* is **On**.<br>

     <figure><img src="/files/3bOBESauv9licXcPnSFS" alt=""><figcaption></figcaption></figure>
5. Check the Integration user has been granted access to the project.
   * Open a new *Incognito* or *Private* browser session.
   * Visit the Azure Dev Ops "AEX" page here:
     * <https://aex.dev.azure.com/me>
   * Log into Azure DevOps with the Integration user.
   * Click **Manage authorizations** in the bottom left:<br>

     <figure><img src="/files/JgmaUwROkvvLLO9VmQAF" alt=""><figcaption></figcaption></figure>
   * In the popup, you should see "TicketLog" as an authorized application:\ <br>

     <figure><img src="/files/AtMbssGXbE3AbOksgrXb" alt=""><figcaption></figcaption></figure>
6. Check the Integration user is from the intended Directory.
   * If your Integration user has access to multiple directories, then you must carefully ensure you have authorized the user from the proper directory.
   * Open a new Incognito or Private browser session.
   * Visit the Azure Dev Ops "AEX" page here:
     * <https://aex.dev.azure.com/me>
   * Log into Azure DevOps with the Integration user.
   * Check each directory in the drop list (see "1" in screenshot), and verify in "Manage Authorizations" (see "2" in screenshot) that you have given authorization to the correct directory.<br>

     <figure><img src="/files/IDLDxOxzZa7lE7Hnhvz5" alt=""><figcaption></figcaption></figure>
   * If it is missing, then you can simply re-authorize from TicketLog configuration page. When doing so, check the correct user (see "1" in screenshot) and Directory (see "2" in screenshot) are being used.
     * *Note: the Grant Access step will use the directory most recently selected in the "AEX" page.*<br>

       <figure><img src="/files/yWfHfgVUjhzPQl6enaCs" alt=""><figcaption></figcaption></figure>

## Additional Requirements

TicketLog assumes the Azure DevOps project being connected to is based on a Basic, Agile, or CMMI project template, and that standard Project Administrator permissions are set for the integration user. TicketLog does support customised project templates or user permissions, however there are a few requirements:

* The target Project has correct workitem type.
  * By default, TicketLog uses the "Issue" type, however other workitem types are configurable in TicketLog settings.
* The integration user is allowed to create Service Hooks
* The intgation user is allowed to create Tags
* The target Area Path exists
  * By default, no Area Path is specified.
* There are no unexpected "required" fields.
  * The standard required fields are: IterationId, AreaId, Title, and State. No other required system fields are currently supported.&#x20;
  * Required custom fields are supported, but this requires a TicketLog PRO subscription and properly configured Custom fields.<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ticket-log.com/troubleshooting/authorizing-azure-devops.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.