What You Can Do

With Azure DevOps connected, Overcut agents can:
  • Access Repositories: Clone, read, and modify code in your Azure DevOps repositories
  • Manage Work Items: Create, update, and comment on Azure DevOps work items (bugs, tasks, user stories)
  • Handle Pull Requests: Review, comment on, and manage pull requests
  • Code Operations: Clone repositories, create branches, and perform git operations
  • Webhook Triggers: Automatically start workflows based on Azure DevOps events
  • Repository Configuration: Configure agent behavior per repository

Prerequisites

  • An Azure DevOps organization with access to repositories you want to connect
  • Azure Active Directory (Entra ID) admin permissions to grant application consent
  • Project Administrator permissions in Azure DevOps projects where you want webhook integration
  • An active Overcut workspace

Setup Overview

Azure DevOps integration uses a service principal (application identity) that operates on behalf of your organization. This approach provides: Service Principal Advantages:
  • Consistent Bot Identity: All operations appear under a single, recognizable application identity
  • Enterprise Security: Centralized permission management through Azure Active Directory
  • Independence: Integration survives team member departures and role changes
  • Clear Attribution: Team members know which actions were automated vs. manual
  • Scalable Management: Single identity works across all projects and repositories
  • Token Stability: Authentication remains valid regardless of personnel changes

Setup Steps

1

Grant Admin Consent in Azure Active Directory

An Azure AD admin must grant consent for Overcut to access your Azure DevOps organization.
  1. In your Overcut workspace, go to Integrations
  2. Click Connect Azure DevOps
  3. Enter your Azure DevOps organization name when prompted
  4. You’ll be redirected to Microsoft’s admin consent page
  5. Sign in as an Azure AD administrator for your tenant
  6. Review the requested permissions:
    • Azure DevOps API access for repositories, work items, and webhooks
    • Microsoft Graph access for tenant validation
  7. Grant consent for the entire organization
  8. Complete the authorization flow
This creates a service principal in your Azure Active Directory tenant and grants it the necessary permissions to access Azure DevOps APIs.
Only Azure AD administrators can grant tenant-wide consent. If you’re not an admin, you’ll need to coordinate with your IT team for this step.
2

Add Service Principal to Azure DevOps

The service principal must be manually added to your Azure DevOps organization and granted appropriate permissions.

Add to Organization:

  1. Navigate to Azure DevOps Organization Settings:
    • Go to https://dev.azure.com/{your-org}/_settings/users
  2. Add the Service Principal as a User:
    • Click Add users
    • Email: {service-principal-object-id}@{tenant-id} (Overcut will provide these values)
    • Access Level: Basic (minimum required for full functionality)
    • Click Add

Grant Project Permissions:

For each project where you want Overcut integration:
  1. Go to Project Settings → Permissions
  2. **Add the service principal to Project Administrators group.
Webhook Requirement: Service principals must have Project Administrator permissions to create and manage webhooks. This is a limitation of Azure DevOps - there’s no way to grant webhook permissions without admin access.
3

Complete Integration in Overcut

Return to Overcut to finalize the connection. Once the service principal is added to the Project Administrators group, you need to run the same flow again to complete the integration.
  1. After granting admin consent, you’ll be redirected back to Overcut
  2. Overcut will detect the service principal and complete the integration setup
  3. Verify the connection by checking that your Azure DevOps projects appear in the provider list
  4. Add repositories from your Azure DevOps projects.
The integration is now complete and ready for use in your workflows.

Permissions

The Azure DevOps integration uses the following permissions:

Azure DevOps API Access

  • Full API Access: Comprehensive access to Azure DevOps services including:
    • Repository Operations: Read and write repository contents, create branches, manage pull requests
    • Work Item Management: Create, read, update work items (bugs, tasks, user stories, etc.)
    • Webhook Management: Create and manage service hooks for event notifications
    • Project Access: Access to project and organization information

Next Steps

After connecting Azure DevOps:
  • Explore repository configuration options for fine-tuned agent behavior
  • Set up workflow triggers to respond to Azure DevOps events
  • Create workflows that leverage both code and work item operations
  • Monitor agent activity through Azure DevOps audit logs