Azure DevOps

The Azure DevOps connector indexes Azure DevOps cloud Wikis so that project and code documentation can be searched directly from Glean alongside the rest of your knowledge base (Confluence, Google Drive, Slack, etc.). The connector depends on either the SharePoint or OneDrive connector being configured in Glean for identity and permission mapping. If no supported Microsoft 365 connector is configured and healthy, Azure DevOps wiki documents can be crawled but will not appear in Glean Search because user/group identities cannot be resolved.

Scope: This connector currently supports Azure DevOps Services (cloud) only. On‑premises Azure DevOps Server is not supported.

​

Use case examples

Typical scenarios this connector supports include:

• Project knowledge discovery
  • “Show me the onboarding guide in our Platform project wiki.”
  • “Where is the runbook for the payments service in Azure DevOps?”
• Code and architecture documentation
  • “Find the design doc for the new billing pipeline from our engineering wiki.”
  • “Search across all team wikis for ‘incident playbook’.”
• Answering questions with wiki context
  • Glean Assistant can ground answers in Azure DevOps wiki content (for example, “How do we deploy service X?”) when the connector is configured and crawls have completed.

​

Supported content and objects

​

Supported objects

• Azure Project Wikis
• Azure Code Wikis

Only wiki pages (and their associated metadata) are indexed.

​

Data ingested

For each wiki page, the connector typically ingests:

• Title and page hierarchy (parent/child relationships)
• Main body content
• Basic metadata:
  • Project and wiki name
  • Page creation and last‑modified timestamps
  • Author/editor information when exposed by the API

​

Supported API endpoints

• Wikis: Indexes all wiki pages (project and code wikis).
• Queries: Allows searching across indexed wiki content from Glean and responding to Assistant queries using wiki data.

​

Limitations

The Azure DevOps connector has the following limitations:

• The following Azure DevOps entities are not crawled:
  • Boards (Epics, Features, Stories, Tasks, Bugs)
  • Pipelines and Releases
  • Repos (code, pull requests)
  • Test Plans, Artifacts, and other non‑wiki resources
• Wikis are crawled using scheduled full crawls; there is no separate incremental or activity crawl stream.
• The connector does not use Azure DevOps webhooks; freshness is governed by Glean’s scheduled full crawls.
• The Azure DevOps connector does not support multiple instances connected to the same O365 connector.

​

Crawling strategy

The Azure DevOps connector uses a simple, scheduled full‑crawl model:

​

Permissions and security

The Azure DevOps connector does not directly crawl activity streams, audit logs, or identity data; instead, it enforces permissions by mapping users, groups, and project memberships through your Microsoft 365 identity connectors.

​

Permission propagation

Permissions are enforced using a combination of:

1. Azure DevOps project/wiki permissions
   • The service principal must have access to every project whose wikis you want to index (see setup).
   • Within a project, the connector can read wiki content any user with that service principal’s role (typically Project Reader) can access.
2. Microsoft 365 identity mapping
   • Glean uses your SharePoint and/or OneDrive connectors as the source of truth for users and groups in your Microsoft 365 tenant.
   • Azure DevOps permissions are projected onto these identities so that Glean search results only appear for users who have access in Azure DevOps.

If the required Microsoft 365 connectors are not configured or are unhealthy, Azure DevOps search results will generally be empty even if crawls appear successful.

​

Security model

• Authentication uses a Microsoft Entra ID application (service principal) with an application secret.
• Access is limited to the projects and wikis where that service principal has been added as a user.
• All data is encrypted in transit and at rest in your Glean tenant, following Glean’s standard security and compliance practices.

​

Requirements

​

Technical requirements

To use the Azure DevOps connector, you must have:

• An Azure DevOps Services (cloud) organization.
• A Microsoft Entra ID (Azure AD) tenant associated with that organization.
• At least one of the following Microsoft 365 connectors configured in Glean. These provide identity and group information required for permission‑aware search:
  • SharePoint
  • OneDrive
• Glean Admin permissions to add and configure data sources.

​

Credential requirements

You must create an app registration in the Azure portal and provide the following to Glean:

• Application (client) ID
• Directory (tenant) ID
• Client secret (value)
• Azure DevOps organization name (e.g., contoso in https://dev.azure.com/contoso)

These values are entered in the Azure DevOps connector setup page in the Glean Admin console.

​

Permission requirements

The service principal created via the app registration must be:

• Added as a user in your Azure DevOps organization (dev.azure.com/<organization>/_settings/users).
• Granted at least:
  • Basic access level
  • Project Reader role (or equivalent read role) in each project whose wikis you want to index.

Important: If the app user is not added to a project, no wikis from that project will be crawled, and the connector may appear to have crawled zero content.

​

Scope requirements

The app registration must be able to:

• Call the Azure DevOps Wiki REST APIs to list projects, wikis, and pages.
• Read basic identity information needed for permission mapping (in combination with your Microsoft 365 connectors).

Exact scopes are managed in the Azure portal; refer Microsoft’s documentation for up‑to‑date scope names and Azure DevOps REST API requirements.

​

Configuration and setup

This section summarizes the required steps in both Azure and Glean. The Azure DevOps setup sequence matches the instructions used in the in‑product setup workflow.

​

Step 1: Register a new Azure app

1. Sign into the Azure portal.
2. Go to Microsoft Entra ID > Manage > App registrations > New registration.
3. On Register an application, configure:

4. Click Register.

​

Step 2: Generate a client secret

1. In the same app registration, go to Manage > Certificates & secrets.
2. Click New client secret.
3. Enter a description and choose an expiry (for example, 24 months).
4. Click Add.
5. Under Client secrets, copy the Value (not the Secret ID). This is the Client secret you will paste into Glean. Store it securely; the value is only shown once.

​

Step 3: Add the app user in Azure DevOps

1. Navigate to your Azure DevOps organization: https://dev.azure.com/<organization>.
2. Go to Organization settings > Users (/_settings/users).
3. Add the newly created application service principal as a user.
4. Select the projects whose wikis you want Glean to index.
5. For each project, assign:
   • Access level: Basic
   • Project role: Project Reader (or equivalent read‑only role)

Only wikis in the selected projects will be crawled.

​

Step 4: Copy IDs and configure the connector in Glean

1. In the Azure app registration, open the Overview tab.
2. Copy:
   • Application (client) ID
   • Directory (tenant) ID
3. In the Glean Admin console, go to Data sources > Add data source > Azure DevOps.
4. In the connector setup form, provide:
   • Application (client) ID
   • Directory (tenant) ID
   • Client secret (from Step 2)
   • Azure DevOps organization name (e.g., contoso)
5. Click Save. If the credentials validate successfully, the connector configuration is complete.

​

Step 5: Start the initial crawl

1. After saving credentials, trigger a full crawl from the Azure DevOps connector page in Glean (for example, by clicking Crawl now).
2. Once the crawl completes:
   • Verify that documents are listed for Azure DevOps in crawl/log views.
   • Run a search in Glean filtered by app:Azure DevOps (or using the Azure DevOps app filter) to confirm wiki content appears for users with the appropriate permissions.