
Configuring Entra ID and Azure DevOps Integration with BoostSecurity


This guide provides detailed instructions for configuring Microsoft Entra ID and Azure DevOps (ADO) to integrate with BoostSecurity. The configuration establishes a secure connection using an Entra ID app registration, service principal, and associated permissions. By following the steps outlined in this guide, you will:

  • Create and configure an Entra ID application registration.
  • Assign the required Azure DevOps API permissions.
  • Generate and manage client secrets.
  • Connect Azure DevOps to your Entra ID tenant.
  • Configure BoostSecurity to integrate with your ADO environment.
  • Enable webhook installation and Zero Touch Provisioning (ZTP).

This process ensures BoostSecurity can securely interact with your Azure DevOps organization while adhering to best practices for access control and automation.


Entra ID Configuration


  1. In the Azure Portal, navigate to Entra ID → Manage → App Registrations, and create a new app registration.

    Create new app registration

  2. Assign a descriptive name and configure the Web Redirect URL to:

       https://api.boostsecurity.io/scm-public/msal/callback
    

    Configure Redirect URL

  3. After creating the registration, open the Overview page and copy the Client ID. You will need this value in later steps.

    Copy Client ID

  4. Configure API permissions:

    • Select Add a permission.

      Set API Permissions

    • Under Microsoft APIs, choose Azure DevOps API.

      Select Azure DevOps API

    • Add the following delegated permissions:

      • vso.code (read)
      • vso.project (read)
      • vso.profile (read)

      Add the permissions

  5. Generate a client secret:

    • Go to Manage → Certificates & Secrets.

      Certs and Secrets

    • Create a new client secret with a 1-year expiration period.

      Set Expiration

    • Copy and securely store the secret value, as it cannot be retrieved again after you leave the page.

      Copy Secret
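
To confirm later that the registration still matches the steps above, the following added example (not BoostSecurity's own code) audits an application object for drift in the redirect URL, permission types, and secret lifetime. It assumes the JSON shape returned by `az ad app show --id <client-id>`; the Azure DevOps resource appId and the sample GUIDs are not from this guide.

```python
from datetime import datetime, timedelta, timezone

# Values from the guide above.
EXPECTED_REDIRECT = "https://api.boostsecurity.io/scm-public/msal/callback"
EXPECTED_SCOPE_COUNT = 3                    # vso.code, vso.project, vso.profile
MAX_SECRET_LIFETIME = timedelta(days=366)   # "1-year expiration period"
# Assumption: well-known appId of the Azure DevOps API resource (not on the page).
ADO_RESOURCE_APP_ID = "499b84ac-1321-427f-aa17-267ca6975798"

def _ts(value):
    # Graph timestamps are UTC; drop the trailing Z and any fractional seconds.
    return datetime.fromisoformat(value.rstrip("Z").split(".")[0]).replace(tzinfo=timezone.utc)

def audit_app(app, now, warn_days=30):
    """Return findings where an application object drifts from the guide."""
    findings = []
    uris = app.get("web", {}).get("redirectUris", [])
    if uris != [EXPECTED_REDIRECT]:
        findings.append(f"redirect URIs differ from the guide: {uris}")
    for res in app.get("requiredResourceAccess", []):
        if res["resourceAppId"] != ADO_RESOURCE_APP_ID:
            findings.append(f"permissions on a resource the guide does not list: {res['resourceAppId']}")
            continue
        access = res.get("resourceAccess", [])
        if any(a["type"] != "Scope" for a in access):   # "Role" marks an application permission
            findings.append("non-delegated Azure DevOps permission present")
        if len(access) > EXPECTED_SCOPE_COUNT:
            findings.append(f"{len(access)} Azure DevOps permissions, guide lists {EXPECTED_SCOPE_COUNT}")
    for cred in app.get("passwordCredentials", []):
        start, end = _ts(cred["startDateTime"]), _ts(cred["endDateTime"])
        name = cred.get("displayName") or cred.get("keyId")
        if end - start > MAX_SECRET_LIFETIME:
            findings.append(f"secret {name!r} lifetime exceeds one year")
        if end <= now:
            findings.append(f"secret {name!r} has expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"secret {name!r} expires within {warn_days} days")
    return findings

# Constructed sample, not real tenant data; the permission GUIDs are placeholders.
SAMPLE = {
    "web": {"redirectUris": [EXPECTED_REDIRECT, "http://localhost:8080/callback"]},
    "requiredResourceAccess": [{"resourceAppId": ADO_RESOURCE_APP_ID,
        "resourceAccess": [{"id": "00000000-0000-0000-0000-000000000001", "type": "Scope"},
                           {"id": "00000000-0000-0000-0000-000000000002", "type": "Role"}]}],
    "passwordCredentials": [{"displayName": "boost", "startDateTime": "2025-01-10T00:00:00Z",
                             "endDateTime": "2027-01-10T00:00:00Z"}],
}
print("\n".join(audit_app(SAMPLE, datetime(2025, 6, 1, tzinfo=timezone.utc))))
```

Run on a schedule, the expiry findings give advance notice to rotate the client secret before the integration stops authenticating.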


Azure DevOps Configuration


  1. In your Azure DevOps organization settings, confirm that the organization is connected to your Entra ID tenant:

       https://dev.azure.com/{ORGANIZATION}/_settings/organizationAad
    

    Azure DevOps ID Tenant

  2. Add the Entra ID service principal as a user:

    • Go to https://dev.azure.com/{ORGANIZATION}/_settings/users.
    • Search for the service principal by name.
    • Assign the service principal the role of Project Contributor with Basic access level.
    • To ensure seamless integration, it is recommended to assign access to all projects.

    Add Service Principal


BoostSecurity ADO Account Integration


  1. In the BoostSecurity console, navigate to Settings → Integrations → ADO Account Integration, and select the App Registration tab.
  2. Provide the following details:

    ADO Account Integration

  3. Install the webhook:

    • BoostSecurity will request temporary authorization to act on your behalf in ADO.
    • Approve the authorization request when prompted.
  4. Enable Zero Touch Provisioning (ZTP):

    • Install the BoostSecurity ADO application from the Visual Studio Marketplace: BoostSecurity Scan App
    • Once installed, enable ZTP to complete the configuration.