The Azure DevOps integration bridges the gap between product discovery and product delivery by empowering product managers and developers to work together.
Product managers and developers focus on two different areas: product discovery and product development. Product managers find and prioritize the right problems, and developers build the right solutions to those problems. But, developers use different tools from product managers, so they often need to switch between them, resulting in siloed information.
This is where the Azure DevOps integration comes into play. The integration shows critical information in both systems so the product and development team work harmoniously. The product managers can push features as a new work item or link them to an existing work item in Azure DevOps. This way, developers know what to build next and why.
In this article:
- Installation requirements
- Installing and configuring your Azure DevOps integration via Personal Access Token
- Installing and configuring your Azure DevOps Integration via OAuth 2.0
Installation requirements
In order to configure this integration, you must be an admin in Productboard and an administrator who is either in the Project Collection Service Accounts or Project Collection Administrators groups in Azure DevOps.
Not sure which Azure product your organization has? See Microsoft's documentation here.
If you are using Azure DevOps Server (on-premise), you'll need to:
- Run Azure DevOps Server, version 2018 (Team Foundation Server 2018) or higher. For more information, contact support@productboard.com.
- Whitelist the following static IP addresses on your firewall with port 443:
100.25.97.8135.174.223.6652.6.23.216
Permission rights for OAuth 2.0
- Be able to sign in to the Microsoft Entra or Azure Portal as at least a Cloud Application Administrator role.
- Data synchronization from Azure DevOps to Productboard won't work unless you are a member of Project Collection Service Account or Project Collection Administrators groups in Azure DevOps.
Note: If you run into an error, double check with your network administrator that Productboard has access to your Azure DevOps network.
Your Azure DevOps on-premise setup needs to be in a public network with a public IP address. The IP address can be inaccessible from the internet in general, but it must be available to Productboard.
Installing and configuring your Azure DevOps Integration via Personal Access Token
- From the top of the Main menu, click Workspace menu > Settings > Integrations.
- Find and click Azure DevOps > Add integration.
- Name the integration. You can change this anytime, and is useful for distinguishing multiple integrations.
- Add your Azure DevOps Server URL (i.e. https://dev.azure.com/zlack).
- Click Create integration.
Note: If you're using a legacy version of Azure DevOps, your URL may have a different format: http://youraccount.visualstudio.com instead.
- Click the Open Azure DevOps button to go to the Personal Tokens page of your Azure DevOps admin account. If you need to go back to the Personal Tokens page, in Azure DevOps click on User Settings > Personal access tokens.
Note: The user who is configuring the integration has to be a member of Project Collection Service Accounts in Azure DevOps.
- In Azure DevOps click New Token.
- Give your token a name and make sure you select the same Organization you used in Productboard. For instance, if you entered 'https:// zlack.azure.com/', the Organization value is 'zlack'.
- Under Expiration (UTC), select Custom defined from the drop-down menu. Using the calendar drop-down, select the furthest possible date from today.
- Then authorize the scope access of the token you created. You need to add permissions for the following scopes for the integration: Notifications and Work Items. If these scopes are hidden in your list, click Show all scopes at the bottom of the panel to reveal them.
For both, select the Read and Write authorization. Then, click Create.
-
Copy your unique token. You won't be able to do this again in the future, so don't forget!
- Go back to the Productboard Integrations page. Paste your unique token and click Authorize integration.
- If the token authorization is successful, you'll see a Valid check (
) letting you know that you finished the integration setup.
Installing and configuring your Azure DevOps Integration via OAuth 2.0
Follow these steps to install and configure the ADO integration using OAuth 2.0:
- Sign in to the Microsoft Entra or Azure Portal as at least a Cloud Application Administrator role. Some steps below may vary slightly depending on the portal you use.
- If you have access to multiple tenants, use the Settings icon in the top menu to switch to the tenant in which you want to register the application from the Directories + subscriptions menu.
- Browse to Identity > Applications > App registrations and select New registration.
- Enter a Name for the application ffor example: “Productboard Azure DevOps Integrations”).
- Select Register.
- On the Overview page, copy the Application (client) ID and the Directory (tenant) ID to the form below within Productboard.
- Under Manager, select Authentication.
- Select Add a platform > Web.
- In the Redirect URIs section, enter https://[your productboard URL]/gw/dev-integrations/ado/oauth2-response.
- Select Configure.
- Under Manage, select API permissions.
- Select Add a permission and under Microsoft APIs select Azure DevOps.
- Select vso.project - Project and team (read) and vso.work_write - Work items (read and write).
- Select Add permissions.
- Under Manage, select Certificates & secrets. In the Client secrets section, select New client secret.
- Enter a key description (for example: “Shared secret”).
- You can either keep the default expiration or set your preferred duration. Shorter durations are more secure, but you will need to create a new secret and reauthorize the integration once it expires.
- Select Add.
- Copy the Value of the client secret to the form in Productboard. The secret value is never displayed again after you leave the page.