To onboard using your own Azure DevOps repository, complete the following steps:

1

Create an Azure DevOps Repository

Create a new Azure DevOps private repository using one of these options:

2

Configure allowed IP addresses

If you restrict access to your Azure DevOps organization using an IP address allow list, add the IP addresses displayed in the Azure DevOps connection screen on the Honeydew App settings page to the relevant CAP (Conditional Access Policy) in the Azure Portal (find more details here).

For the Honeydew Cloud deployment, the following IP addresses are used:

  • 34.86.209.90
  • 34.145.147.92

If you are using a private Honeydew deployment, the IP addresses will be different. You can find them in the Azure DevOps connection screen on the Honeydew App settings page.

3

Set up Honeydew

Please reach out to support@honeydew.ai and send the repository details: org name, project name, repository name (e.g. honeydew-data, quickstart, honeydew-quickstart).

4

Create an Entra ID App

Honeydew integrates with the Azure DevOps API through service principal authentication, using a Microsoft Entra ID App.

You will need your Cloud Application Administrator or Application Administrator to complete these steps — you may not have access yourself. This will be required if the creation of registered applications is not enabled for the entire organization.

Create an Entra ID App

  1. Open the Azure Portal
  2. In the search bar, search for App registrations. Open it and start a new registration by clicking New registration
  3. On the Register an application page, enter the following details:
    • Name: Honeydew Azure DevOps Integration
    • Supported account types: Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)

      You need to select the Supported account types as Multitenant rather than Single Tenant, as Microsoft considers Azure DevOps (formerly called Visual Studio) and Microsoft Entra ID as separate tenants, and for the Entra ID application to work properly, you must select Multitenant.

    • Redirect URI: Leave blank
  4. Click Register

Create a Client Secret

  1. On the homepage of your newly created application, from the Overview screen, copy the values for the following fields and store them in a secure location:
    • Application (client) ID
    • Directory (tenant) ID
  2. From the left menu of your newly created application page, open Manage > Certificates & secrets
  3. Click New client secret
  4. In the Add a client secret dialog, enter the following details:
    • Description: Honeydew Azure DevOps Integration
    • Expires: Choose an appropriate expiry date
  5. Click Add
  6. Copy the value of the newly created client secret and store it in a secure location

Create a Service Principal for the application

You will need your Cloud Application Administrator or Application Administrator to complete these steps — you may not have access yourself.

  1. Open the Azure Portal
  2. In the search bar, search for Microsoft Entra ID and select it from the drop-down list
  3. In the left menu, expand the Manage section, and click App Registrations
  4. Click on the application you created in the previous steps (e.g. Honeydew Azure DevOps Integration)
  5. Locate the Managed application in local directory field, and click Create Service Principal. If the field is already populated, a service principal has already been assigned.

Add permissions to your service principal

  1. Open the Azure Portal
  2. In the search bar, search for Microsoft Entra ID and select it from the drop-down list
  3. In the left menu, expand the Manage section, and click App Registrations
  4. Click on the application you created in the previous steps (e.g. Honeydew Azure DevOps Integration)
  5. Select API permissions in the left navigation panel
  6. Remove the Microsoft Graph > User.Read permission
  7. Click Add a permission
  8. Select Azure DevOps
  9. Select the user_impersonation permission under Other permissions
  10. Click Add permissions

5

Connect Azure DevOps to the new app

You can only add a managed identity or service principal for the tenant to which your organization is connected. You need to add a directory to your organization so that it can access all the service principals and other identities. In Azure DevOps, navigate to Organization settings > Microsoft Entra > Connect Directory to connect, or verify that it is already connected.

  1. From your Azure DevOps account organization screen, click Organization settings in the bottom left
  2. Under the General section, click Users
  3. Click Add users, type the created service principal in the first field (e.g. Honeydew Azure DevOps Integration), and click the name as it appears.
  4. In the Add to projects field, select the project that contains the Honeydew repository
  5. Set the Azure DevOps Groups to Project Contributors

6

Connect the Microsoft Entra ID app to Honeydew

In the Honeydew application, go to Settings -> Azure DevOps and configure the following:

  • Application (client) ID: Found in the Microsoft Entra ID app (see the app creation step).
  • Directory (tenant) ID: Found in the Microsoft Entra ID app (see the app creation step).
  • Client Secret: Use the secret value field from the secret you created for the Microsoft Entra ID app in the previous steps.

If you have branch policies for new repositories, you may need to relax these policies for the Honeydew Azure DevOps repository. Specifically, please disable the requirement for a minimum number of approvals.
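
The client secret from step 4 is only expected to be used from the Honeydew addresses listed in step 2, so a useful check after onboarding is to review the service principal's sign-ins for any other source IP. The script below is an added example, not Honeydew's code. The log field names (modelled on the Entra `AADServicePrincipalSignInLogs` export), the app ID placeholder and the sample records are constructed assumptions.

```python
import ipaddress
import json

# Honeydew Cloud addresses listed in step 2; replace for a private deployment.
ALLOWED_IPS = {ipaddress.ip_address("34.86.209.90"),
               ipaddress.ip_address("34.145.147.92")}

# Placeholder Application (client) ID, not a real value.
APP_ID = "11111111-1111-1111-1111-111111111111"

# Constructed sample records, one JSON object per line. Field names are an
# assumption modelled on the AADServicePrincipalSignInLogs export.
SAMPLE_LOG = """\
{"TimeGenerated":"2024-05-01T08:00:12Z","AppId":"11111111-1111-1111-1111-111111111111","IPAddress":"34.86.209.90","ResultType":"0"}
{"TimeGenerated":"2024-05-01T08:05:40Z","AppId":"11111111-1111-1111-1111-111111111111","IPAddress":"34.145.147.92","ResultType":"0"}
{"TimeGenerated":"2024-05-02T02:13:09Z","AppId":"11111111-1111-1111-1111-111111111111","IPAddress":"203.0.113.7","ResultType":"0"}
{"TimeGenerated":"2024-05-02T02:14:51Z","AppId":"11111111-1111-1111-1111-111111111111","IPAddress":"198.51.100.23","ResultType":"7000215"}
{"TimeGenerated":"2024-05-02T09:30:00Z","AppId":"22222222-2222-2222-2222-222222222222","IPAddress":"192.0.2.10","ResultType":"0"}
{"TimeGenerated":"2024-05-03T11:00:00Z","AppId":"11111111-1111
"""

def review_signins(lines, app_id, allowed=ALLOWED_IPS):
    """Return (line_no, finding, ip) for sign-ins of app_id from outside `allowed`."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            findings.append((n, "unparsable", None))  # do not silently drop records
            continue
        if rec.get("AppId") != app_id:
            continue  # a different application, out of scope here
        try:
            ip = ipaddress.ip_address(rec.get("IPAddress"))
        except ValueError:
            findings.append((n, "bad-ip", rec.get("IPAddress")))
            continue
        if ip in allowed:
            continue
        # ResultType "0" is a successful sign-in: the secret was accepted elsewhere.
        ok = str(rec.get("ResultType")) == "0"
        findings.append((n, "secret-used-off-allowlist" if ok
                         else "failed-attempt-off-allowlist", str(ip)))
    return findings

if __name__ == "__main__":
    for finding in review_signins(SAMPLE_LOG.splitlines(), APP_ID):
        print(finding)
```

A `secret-used-off-allowlist` finding means the client secret should be rotated under Certificates & secrets and the new value entered in the Honeydew settings.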