How to add Azure AD user to Azure DevOps organisation programmatically

C

2

6

My organisation is connected to Azure AD.

I'd like to add AD users to my Azure DevOps organisation with C# or via Microsoft REST/Graph API.

California answered 5/11, 2019 at 10:52 Comment(0)

F

4

You can do it with User Entitlements - Add Rest API:

POST https://vsaex.dev.azure.com/{organization}/_apis/userentitlements?api-version=5.1-preview.2

Example of the json body:

{
  "accessLevel": {
    "accountLicenseType": "express"
  },
  "extensions": [
    {
      "id": "ms.feed"
    }
  ],
  "user": {
    "principalName": "[email protected]",
    "subjectKind": "user"
  },
  "projectEntitlements": [
    {
      "group": {
        "groupType": "projectContributor"
      },
      "projectRef": {
        "id": "e5943a98-a842-4001-bd3b-06e756a7dfac"
      }
    }
  ]
}

Footprint answered 5/11, 2019 at 11:18 Comment(0)

S

2

You can use the User Entitlements - Add API as Shayki mentioned, however, I would like to share the code I used with Azure function to do the same,

public static async Task<string> AddUserEntitlment(
            [ActivityTrigger] VSTSIntegrationContext vstsIntegrationContext,
            ILogger log
        )
        {
            try
            {
                var accountName = vstsIntegrationContext.VstsInstance;
                string Url = string.Format(@"https://{0}.vsaex.visualstudio.com/_apis/userentitlements?api-version=4.1-preview"
                            , vstsIntegrationContext.VstsInstance);
                var content = JsonConvert.SerializeObject(
                    new
                    {
                        accessLevel = new
                        {
                            accountLicenseType = "express"
                        },
                        user = new
                        {
                            principalName = vstsIntegrationContext.Email,
                            subjectKind = "user"
                        }
                    });
                    log.LogInformation("===========PAT: vstsIntegrationContext.VstsPAT");
                var response = await VSTSHelpers.CallVSTSAPI(vstsIntegrationContext.VstsInstance, vstsIntegrationContext.VstsPAT, Url, "POST", content);
                log.LogInformation("====response:" + response);
                response.EnsureSuccessStatusCode();                
                dynamic data = await response.Content.ReadAsAsync<object>();
                return data.operationResult.userId;
            }
            catch (Exception ex)
            {
                log.LogError(ex.ToString());
                throw;
            }
        }

Powershell script

function Add-UserEntitlement {
    [OutputType([int])]
    Param
    (
        [String]$userEmail,
        [String]$projAccessLevel,
        [String]$projId


    )

    Begin {
        $creds = Import-Clixml -Path creds.xml
        [string]$AccName = $creds.AccountName
        [string]$userName = $creds.UserName
        [string]$vstsToken = $creds.Token
        $VstsAuth = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $userName, $vstsToken)))
    }
    Process {

        $vstsUri = "https://$AccName.vsaex.visualstudio.com/_apis/userentitlements?api-version=4.1-preview"
        $vstsUEBody = @{
            accessLevel = @{ accountLicenseType = "express" }
            user = @{ principalName = $userEmail; subjectKind = "user" }
            projectEntitlements = @{ 
                group = @{ groupType = $projAccessLevel }
                projectRef = @{ id = $projId }
            } 
        }

        $RestParams = @{
            ContentType = "application/json"
            Method = 'Post'
            URI = $vstsUserUri
            Body = $vstsUEBody | ConvertTo-Json
            Headers = @{Authorization=("Basic {0}" -f $VstsAuth)}
        }

        $vstsUpdateResult = Invoke-RestMethod @RestParams

    }
    End {
    }
}

Synesthesia answered 5/11, 2019 at 12:26 Comment(0)

Recommended topics

Hot tags