Azure DevOps Connected Org Via PAT

When first creating my Organization, before connecting Enterpise License or the Enterprise was connected, the organization wanted to connect to my Azure DevOps org using my personal PAT. I see where I can update it in the organization after the fact, but is it possible to connect to the Azure DevOps org via another means than my personal PAT? Or maybe there is a way to move the connection to a Service Account, this way in case someone else needs to manage this in the future (change of roles, user replacement, etc…) it is not tied to my account and PAT?

Hi Matthew,

You’ll need to use a Personal Access Token (PAT) for the integration. However, if you’d like to see support for other authentication methods (like Azure Service Principals), please consider voting for this feature on our roadmap.

In the meantime, your organization could decide to use a dedicated service account for provisioning the PAT, so it’s not tied to an individual user. As noted in the docs:

We highly recommend that you use a dedicated technical user account in Azure DevOps.

But in this case, how can I change the User Assigned to the Org. It seems that after I created and linked the org to our license key, I only have the ability to change the PAT, but not the user. Is it possible? Or does the org need to be recreated under the Service User from the start?

You do not need to recreate your organization. The Personal Access Token (PAT) you configure represents the user performing the integration. If you want to use a different user for the integration, simply update the PAT with one generated for the desired user account. You can do this while logged into SonarQube Cloud as a user who is not that user (who never actually has to login!).

When I generate the PAT from my account in Azure DevOps, and update the Org Binding in Sonar, Sonar tells me the PAT is valid. When I generate the PAT from another account, Service, or Coworker account, it tells me the Token “Failed authentication, the token used is likely not valid”.

Disregard my previous post. There was a Microsoft Azure Entra ID Conditional Access rule affecting a subset of users. I was able to change the PAT to the Service User.

2 Likes