Azure DevOps is a suite of tools from Microsoft used for software development and project management. The Azure DevOps connector allows you to index and search Azure Wikis directly in Glean, surfacing project and code documentation for your engineering teams.

Supported Features and Limitations

Glean’s Azure DevOps connector currently supports the indexing and search of wiki content in Azure DevOps. This enables users to surface project documentation and collaborate with up-to-date context. However, there are limitations and requirements you must follow for successful integration.

Supported Objects/Entities

  • Azure Project Wikis
  • Azure Code Wikis

Supported API Endpoints/Features

  • Wikis: Indexes all wiki pages (project and code wikis).
  • Queries: Allows searching across indexed wiki content from Glean and responding to Assistant queries using wiki data.

Limitations

  • Only the cloud version of Azure DevOps is supported; on-premises deployments are not compatible.
  • Only wiki content (project/coded wikis) is indexed at this time—other Azure DevOps entities such as Boards, Repos, Pipelines, etc., are not supported yet.
  • The Azure DevOps connector depends on either a OneDrive or SharePoint (O365) connector also being set up. Without O365, identity and permissions for Azure DevOps content will not be resolved, so search results may be blank.

Crawling Strategy

Crawl typeFull CrawlIncremental CrawlPeople DataActivityUpdate RateWebhookNotes
WikisYesNoYesNoScheduledNoOnly wikis are supported. Requires O365 for permissions.

Results Display

A search result from Azure DevOps will display the indexed wiki content, matching the look and feel of standard Glean search cards. At present, no specific image or screenshot of the result display is available in the provided context. For details, refer to the Glean search interface after setup.

Requirements

Proper functioning of the Azure DevOps connector requires meeting several technical, authentication, and permission prerequisites, as well as some basic setup within both Azure and Glean.

Technical Requirements

  • Must use Azure DevOps (cloud); on-premises/server deployments are not supported.
  • You must have either the OneDrive or SharePoint connector for O365 set up in Glean to resolve permissions and identities.
  • Supported for organizations with existing Azure DevOps tenants tied to their Microsoft Azure Active Directory.

Credential Requirements

  • Requires an Azure Application (App Registration), created in Azure Portal, to be added as a service principal in your Azure DevOps organization.
  • You must provide:
    • Application (Client) ID
    • Directory (Tenant) ID
    • Client Secret
  • These values are entered in the connector’s credential fields in the Glean admin UI.

Permission Requirements

  • The service principal used for the connector must have at least the “Project Reader” role in each project containing wikis to be indexed.
  • Permissions must be set so the app/service principal is added as a user in the relevant Azure DevOps projects.
  • The connector depends on O365 identity crawls for mapping users/groups; this mapping controls authorization in Glean.

Scope Requirements per API Endpoint

  • Wiki reading scopes are required in the Application Registration. Details on scope granularities or required API endpoints may be found in Microsoft’s documentation. Generally, enough permission to read wiki pages via the REST API and access user/group membership is needed.

Preliminary Source/System Setup

  • Register a new application in Azure Portal (recommended name: glean-azure-devops).
  • Assign the service principal created as a user to relevant Azure DevOps projects with “Basic” access and “Project Reader” role.
  • Copy and securely store the Application (client) ID, Directory (tenant) ID, and create a client secret.
  • Complete setup in Glean by providing these credentials.
  • Enable the Azure DevOps connector in Glean admin (appears in “Add data source” once licensing/flags are enabled).

Permissions & Security

Data and Metadata Ingested:
  • Wiki page content (title, main text)
  • Metadata such as page creation/modification details, and related container/pages
Permission Propagation Logic:
  • Permissions assigned in Azure DevOps (via project roles and security groups) are mapped using user/group information from the O365 connectors.
  • If O365 is not present, no permissions are mapped and search results may be unavailable.
Security & Compliance Notes:
  • OAuth or App Registration authentication is used.
  • Admins control the assignment of roles/scopes for least-privilege access.
  • Data visibility in Glean strictly follows what is permitted in Azure DevOps, subject to the O365 identity mapping.
Known Security Restrictions and Exceptions:
  • No support for on-premises Azure DevOps.
  • No independent support—O365 dependency is required for permissions; all content may be invisible in search otherwise.
  • Unsupported multi-instance scenarios if permissions/groups mapping cannot be resolved.
Data Privacy Implications:
  • Ensures only permitted wiki content is indexed and visible, governed by Azure DevOps and O365 group membership.

Configuration and Setup Instructions

Glean uses Service Principal to access Azure DevOps. Follow the steps below to set up Azure DevOps:

Register a new app

  1. Sign into the Azure portal. Select Microsoft Entra ID, then Manage > App registrations > New registration.
  2. On the Register an application page, register an app with the following:
FieldValue
NameGlean for Azure DevOps
Supported account typesAccounts in this organizational directory only (Single tenant)
Redirect URI(Leave this field blank)
  1. Click Register.

Generate secret

  1. Navigate back to Microsoft Entra ID > Manage > App registrations and click on the app you created earlier. Then click on Manage > Certificates & secrets in the left sidebar.
  2. Click on New client secret. Enter a description and select 24 months for expiry time, then click Add.
  3. Under Client secrets, copy the Value (not the Secret ID) you generated and enter it in Glean as the Client secret. The Value will only be shown once.
Generate secret

Add the app user

  1. Add the newly created application service principal to Azure DevOps Users (dev.azure.com/<organisation_name>/_settings/users).
  2. Select the required projects. Only the wikis part of selected projects will be crawled.
  3. We just need Basic access level and Project Reader as the groups settings.
Add the app user

Fill out keys

  1. Go to the Overview Tab of the Azure Portal for the application.
  2. Copy the Application (client) ID & Directory (tenant) ID and enter it in the glean self serve page
  3. Enter the Azure Devops Organization name in the designated field.
  4. Click Save. If the credentials save, you’re all set!

Crawl configuration options

  • Currently, only wikis are supported for crawling.
  • Redlist/greenlist (user or group inclusion/exclusion), lookback period, and custom object support are not mentioned in available documentation; revisit for updates as development proceeds.
  • Crawl scheduling and frequency can be managed in the admin console.