Manage your organization or collection
Azure DevOps Server 2019
After you create an organization or project collection, add contributors and configure policies, settings, and other options available to you. This article provides an overview of tasks to ensure you set up your organization or collection to get maximal use of your services.
When you install Azure DevOps Server, you automatically create a default collection. If you need to create another project collection, see Manage project collections.
Prerequisites
| Category | Requirements |
|---|---|
| Permissions | Member of the Project Collection Administrators group. Organization owners are automatically members of this group. |
Note
This article provides an overview of tasks that require membership in the Project Collection Administrators group. For information on tasks performed by members of a Project Administrators group, see Manage your project.
Add users to your organization
For large enterprises, the recommended method to manage Azure DevOps users, is to connect Azure DevOps to Active Directory (AD) and manage user access through security groups defined in AD. That way, when you add and remove users or groups from AD, you automatically add and remove these same users and groups from Azure DevOps. Typically, you should install Active Directory before installing Azure DevOps. You limit the maintenance of managing permissions and user access.
For small and large enterprises, you add users to a server instance through the web portal Access levels interface. All users added to the server instance can be added to one or more projects defined within the project collection defined in the server instance.
When you add users, you specify their access level, which determines the features they can use through the web portal. For more information, review these resources:
- Get started with permissions, access, and security groups
- About access levels
- Add users or groups to an access level
- Install Active Directory Domain Services (Level 100)
Note
Even if you add a user or group to an access level, you must also add them to a project for them to connect to a project and access features available through a supported client or the web portal.
Manage security and permissions
Permissions and security groups control access to specific tasks.
The following table lists the permissions assigned at the organization or collection level. All permissions, except for Make requests on behalf of others, are granted to members of the Project Collection Administrators group. For more information, see Permissions and groups reference, Groups.
General
- Alter trace settings
- Create new projects
- Delete team project
- Edit instance-level information
- View instance-level information
Service Account
- Make requests on behalf of others
- Trigger events
- View system synchronization information
Boards
- Administer process permissions
- Create process
- Delete field from organization or account
- Delete process
- Edit process
Repos (TFVC)
- Administer shelved changes
- Administer workspaces
- Create a workspace
Pipelines
- Administer build resource permissions
- Manage build resources
- Manage pipeline policies
- Use build resources
- View build resources
Test Plans
- Manage test controllers
Policies
- Manage enterprise policies
For more information about security and setting permissions at the collection-level, review the following articles:
- Get started with permissions, access, and security groups
- Change permissions at the organization or collection-level.
Add members to the Project Collection Administrators group
The person who creates a project collection is automatically added as a member to the Project Collection Administrators group. Members of this group have permissions to manage the settings, policies, and processes for the organization. Members can also create and manage all projects defined in the organization, and install and manage extensions.
It's always a good idea to have more than one person who has administrative privileges. Look up a Project Collection Administrator and then ask them to add you to the group.
Set security policies
Configure the security policies for your organization through the Organization settings > Policies page. These policies let you grant or restrict the following features:
- Non-microsoft application access via OAuth
- SSH authentication
- Creation of public projects
- Invitation of GitHub user accounts
For more information, see Change application connection & security policies for your organization.
Manage extensions
An extension is an installable unit that adds new capabilities to your projects. Azure DevOps extensions support the following functions:
- Planning and tracking of work items, sprints, scrums, and so on
- Build and release flows
- Code testing and tracking
- Collaboration among team members
For example, to support code search, install the Code Search extension.
You want to tell your users about extensions and that they can request an extension. To install and manage extensions, be an organization Owner, a member of the Project Collection Administrators group. Or, you can get added to the Manager role for extensions.
Install Code Search
Code Search is a free Marketplace extension that lets you search across all your source repositories. For more information, see Install and configure Search.
Turn on Analytics
The Analytics service is the reporting platform for Azure DevOps, replacing the previous platform based on SQL Server Reporting Services. Analytics is built for reporting and optimized for fast read-access and server-based aggregations. Use it to answer quantitative questions about the past or present state of your projects.
For more information, see What is the Analytics service? and Turn on the Analytics service.
Configure DevOps settings
Use the following settings, which get defined at the organization-level, to support your work.
- Add agent pools
- Define pipeline retention settings
- Define repository settings:
Customize work-tracking processes
All work-tracking tools are available immediately after you create a project. Often, one or more users might want to customize the experience to meet one or more business needs. Processes are easily customized through the user interface. However, you might want to establish a methodology for who manages the updates and evaluates requests.
For more information, see the following articles:
Alert users with information banners
Communicate with your Azure DevOps users quickly through information banners. Use banners to alert your Azure DevOps users to upcoming changes or events without sending mass emails. For more information, see Add and manage information banners.
Review and update notifications
Many notifications are predefined at the organization or collection level. You can manage subscriptions or add new subscriptions.
Configure an SMTP server
For team members to receive notifications, you must configure an SMTP server.
Scale your organization or collection
To learn about scaling your organization, see the following articles.