# Azure DevOps

{% hint style="warning" %}
Only organization Admins can create, edit and delete integrations.
{% endhint %}

Link your model objects to reality, such as code repos, branches, folders and files. When those links move, change names or get deleted, we’ll notify you that the object may need to be updated in your IcePanel landscape.

Learn more here:  [Linking to reality](/integrations/linking-to-reality.md)

## Using Azure DevOps

### Using [dev.azure.com](http://dev.azure.com/)

IcePanel uses OAuth to authenticate with [dev.azure.com](http://dev.azure.com/) users.

#### Linking an account

1. Navigate to `Integrations` in IcePanel by clicking `Manage` in the organization dropdown
2. Click on the `New integration` button and select Azure DevOps
3. Accept the requested permissions and choose an Azure DevOps organization that you’d like to sync with IcePanel
4. You should now see your code repos in the `Links` section of an object

#### Unlinking an account

1. Navigate to `Integrations` in IcePanel by clicking `Manage` in the organization dropdown
2. Select the `Azure DevOps` tab and click Remove
3. Navigate to your Azure DevOps Security > Authorizations tab and revoke the authorization for IcePanel

### Whitelist the IcePanel repo scanner

You may find that no code repos show if your organization has enabled IP filtering or whitelisting in your integration. To resolve this whitelist the IcePanel repo scanner IP address:

`34.168.47.236`

## Using self-hosted Azure DevOps

IcePanel uses personal access tokens to authenticate with self-hosted Azure DevOps instances.

1. Create an Azure DevOps [personal access token](https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops\&tabs=Windows#create-a-pat) with the code read scope
2. Navigate to `API keys` in IcePanel by clicking Manage in the organization dropdown
3. Create an API key with admin permissions
4. Run the [IcePanel CLI](https://hub.docker.com/repository/docker/icepanel/cli) docker image in azure-devops-sync mode with the following parameters

```
⠀docker run icepanel/cli azure-devops-sync \\
  --api-key $ICEPANEL_KEY \\
  --url <https://dev.azure.com> \\
  --token $AZURE_DEVOPS_TOKEN
  --organization $AZURE_DEVOPS_ORGANIZATION

```

Or with environment variables.

```
docker run \\
  -e API_KEY=$ICEPANEL_KEY \\
  -e AZURE_DEVOPS_URL=https://dev.azure.com \\
  -e AZURE_DEVOPS_TOKEN=$AZURE_DEVOPS_TOKEN \\
  -e AZURE_DEVOPS_ORGANIZATION=$AZURE_DEVOPS_ORGANIZATION \\
  icepanel/cli azure-devops-sync

```

5. Once the synchronization is complete you should see your code repos in the IcePanel reality tab.

### CLI command reference

```
Usage: IcePanel azure-devops-sync [options]

Syncronize IcePanel code repos with a Azure DevOps instance

Options:
  --api-url <value>           IcePanel API URL (default: "https://api.icepanel.io/v1")
  -k, --api-key <value>       IcePanel API key
  -s, --url <value>           Azure DevOps URL (default: "https://dev.azure.com")
  -t, --token <value>         Azure DevOps token
  -o, --organization <value>  Azure DevOps organization name, comma seperated
  -i, --interval <secs>       Interval for syncronization (default: "1800")
  -f, --force                 Force refresh of code repos and trees
  --filter-repos <pattern>    Filter code repo names to include, supports wildcards
  --delete-all                Delete all code repos and trees for this integration
  --concurrency <value>       Number of jobs that can be processed in parallel (default: "10")
  -h, --help                  display help for command

Environment variables:
  API_URL                     IcePanel API URL
  API_KEY                     IcePanel API key
  AZURE_DEVOPS_URL            Azure DevOps URL
  AZURE_DEVOPS_TOKEN          Azure DevOps token
  AZURE_DEVOPS_ORGANIZATION   Azure DevOps organization name, comma seperated
  SYNC_INTERVAL               Interval for syncronization
  FORCE                       Force refresh of code repos and trees
  FILTER_REPOS                Filter code repo names to include, supports wildcards
  CONCURRENCY                 Number of jobs that can be processed in parallel
  LOG_LEVEL                   Options are fatal, error, warn, info, debug, trace, silent

```

### Self-signed certificates

To use a self signed the certificates `NODE_TLS_REJECT_UNAUTHORIZED=0`must be specified as an environment variable to the CLI container.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.icepanel.io/integrations/code-repo-linking/azure-devops.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.