Skip to main content
This guide explains how to connect Azure DevOps Services to an OpenHands Enterprise installation. The integration lets users sign in with Microsoft Entra ID, open Azure Repos, create branches and pull requests, and use Azure Boards work items or pull request comments as context for OpenHands workflows.
This guide covers Azure DevOps Services at https://dev.azure.com. Azure DevOps Server is not covered by this integration.

Prerequisites

  • An OpenHands Enterprise installation using Replicated or standalone Helm.
  • A Microsoft Entra administrator who can register an application and create a client secret.
  • An Azure DevOps Services organization, project, and repository.
  • Azure DevOps users with access to the projects and repositories they will use with OpenHands.
  • Network access from OpenHands to login.microsoftonline.com and dev.azure.com.
  • If you plan to trigger automations from Azure DevOps Service Hooks, network access from Azure DevOps back to the OpenHands app URL or automation webhook URL.

Register a Microsoft Entra Application

In the Azure portal, create a Microsoft Entra app registration for OpenHands.
  1. Go to Microsoft Entra ID > App registrations.
  2. Click New registration.
  3. Enter a name such as OpenHands Azure DevOps.
  4. Select the supported account type for your organization.
  5. Add a Web redirect URI:
    Replace <your-openhands-domain> with the domain for your OpenHands Enterprise installation. If you configured a custom authentication hostname, use that hostname instead of auth.app.<your-openhands-domain>.
  6. Click Register.
  7. Copy the Directory (tenant) ID and Application (client) ID.
  8. Go to Certificates & secrets and create a client secret. Copy the secret value before leaving the page.
  9. If your tenant requires explicit API permissions, add the Azure DevOps delegated permission required for user access and grant admin consent.
OpenHands requests the following Microsoft identity scopes during sign-in:

Configure Azure DevOps Access

Make sure the users who will sign in to OpenHands have access to the Azure DevOps organization, projects, and repositories they need. OpenHands uses the signed-in user’s Azure DevOps access token for repository discovery and Git operations. Repository names in OpenHands use this format:
For example:

Configure the Admin Console

Pick the path that matches how OpenHands Enterprise is deployed.
Open the Replicated Admin Console for your OpenHands Enterprise installation and go to the application configuration page.In Azure DevOps Authentication:
  1. Enable Azure DevOps Authentication.
  2. Enter the Microsoft Entra Tenant ID.
  3. Enter the Azure DevOps Organization if you want to set a default organization.
  4. Enter the Azure DevOps Client ID.
  5. Enter the Azure DevOps Client Secret.
  6. Save and deploy the updated configuration.
The Azure DevOps Organization field is the organization name only, for example contoso for https://dev.azure.com/contoso. Do not include https://dev.azure.com/.

Sign In with Azure DevOps

After the deployment is completed, users choose Sign in with Azure DevOps on your app’s login page. On first sign-in, Microsoft may ask the user to consent to the requested permissions. After sign-in, OpenHands stores the user’s Azure DevOps token through the authentication provider so it can list repositories and run Git operations as that user.

Use Azure DevOps Repositories

After signing in, users can select Azure DevOps repositories from the OpenHands repository picker. OpenHands can:
  • List Azure DevOps projects and repositories available to the signed-in user.
  • Clone Azure Repos using the signed-in user’s OAuth token.
  • Read branch and pull request context.
  • Create branches and pull requests.
  • Read and post Azure Repos pull request comments.
  • Read and post Azure Boards work item comments.
OpenHands does not require users to paste a personal access token for Azure DevOps repository access when Microsoft Entra sign-in is configured.

Trigger OpenHands from Azure DevOps

Azure DevOps events can be connected to OpenHands automations through Azure DevOps Service Hooks and OpenHands custom webhooks. Use this pattern for workflows such as:
  • A work item comment that asks OpenHands to create an implementation pull request.
  • A pull request comment that asks OpenHands to review the change.
  • A pull request comment that asks OpenHands to generate tests or validation evidence.
  • A pipeline or incident event that asks OpenHands to inspect logs and propose a fix.
To configure this pattern:
  1. Register a custom webhook in OpenHands. See Event-Based Automations.
  2. Create an Azure DevOps Service Hook that sends the selected event to the webhook URL.
  3. Create an OpenHands automation that filters for the event type, repository, project, or trigger phrase you want to support.
  4. Test with a non-production repository or project before enabling the automation broadly.
GitHub has built-in event routing in OpenHands. Azure DevOps event routing is configured through service hooks or custom webhooks.

Troubleshooting