Azure DevOps Connected Org Via PAT

matthew-patrick · July 2, 2025, 8:32pm

When first creating my Organization, before connecting Enterpise License or the Enterprise was connected, the organization wanted to connect to my Azure DevOps org using my personal PAT. I see where I can update it in the organization after the fact, but is it possible to connect to the Azure DevOps org via another means than my personal PAT? Or maybe there is a way to move the connection to a Service Account, this way in case someone else needs to manage this in the future (change of roles, user replacement, etc…) it is not tied to my account and PAT?

Colin · July 3, 2025, 5:11pm

Hi Matthew,

You’ll need to use a Personal Access Token (PAT) for the integration. However, if you’d like to see support for other authentication methods (like Azure Service Principals), please consider voting for this feature on our roadmap.

In the meantime, your organization could decide to use a dedicated service account for provisioning the PAT, so it’s not tied to an individual user. As noted in the docs:

We highly recommend that you use a dedicated technical user account in Azure DevOps.

matthew-patrick · July 7, 2025, 12:11pm

But in this case, how can I change the User Assigned to the Org. It seems that after I created and linked the org to our license key, I only have the ability to change the PAT, but not the user. Is it possible? Or does the org need to be recreated under the Service User from the start?

Colin · July 7, 2025, 2:40pm

You do not need to recreate your organization. The Personal Access Token (PAT) you configure represents the user performing the integration. If you want to use a different user for the integration, simply update the PAT with one generated for the desired user account. You can do this while logged into SonarQube Cloud as a user who is not that user (who never actually has to login!).

matthew-patrick · July 7, 2025, 4:23pm

When I generate the PAT from my account in Azure DevOps, and update the Org Binding in Sonar, Sonar tells me the PAT is valid. When I generate the PAT from another account, Service, or Coworker account, it tells me the Token “Failed authentication, the token used is likely not valid”.

matthew-patrick · July 7, 2025, 5:29pm

Disregard my previous post. There was a Microsoft Azure Entra ID Conditional Access rule affecting a subset of users. I was able to change the PAT to the Service User.

Topic		Replies	Views
Coneect sonarcloud to Azure DevOps with an application service princible account SonarQube Cloud	2	1363	January 19, 2022
Sonar Cloud Azure DevOps Authentication with Service Principal SonarQube Cloud sonarqube-cloud	11	487	November 20, 2024
Is there a way to use app registeration instead of using Personal Access Token in AzureDevops? SonarQube Cloud sonarqube-cloud	1	575	April 12, 2022
Developer Edition - using Service Connections instead of a PAT for authentication Product Manager for a Day tokens , azure-devops	4	41	May 23, 2025
Organization Creation with Personal Access Token not working SonarQube Cloud azuredevops-services , azuredevops , sonarqube-cloud	2	30	April 3, 2025

Azure DevOps Connected Org Via PAT

Related topics