az devops security group

Manage security groups.

Commands

az devops security group create

Create a new Azure DevOps group.

az devops security group delete

Delete an Azure DevOps group.

az devops security group list

List all the groups in a project or organization.

az devops security group membership

Manage memberships for security groups.

az devops security group membership add

Add membership.

az devops security group membership list

List memberships for a group or user.

az devops security group membership remove

Remove membership.

az devops security group show

Show group details.

az devops security group update

Update name AND/OR description for an Azure DevOps group.

az devops security group create

Create a new Azure DevOps group.

az devops security group create [--description]
                                [--detect {false, true}]
                                [--email-id]
                                [--groups]
                                [--name]
                                [--org]
                                [--origin-id]
                                [--project]
                                [--scope {organization, project}]

Examples

Create an Azure DevOps Group with name and description

az devops security group create --name 'Some group name'
--description 'Something to describe this group'

Add an existing AAD group to an Azure DevOps group

Get object ID of an existing AAD group
az ad group show -g '{Group Name}'
az devops security group create --origin-id '{Object ID}' --groups 'vssgp.someDescriptorForGroup'

Add an existing AAD group to an Azure DevOps group with AAD group Email ID

az devops security group create --email-id '{Email ID of AAD group}'
--groups 'vssgp.someDescriptorForGroup'

Create a new Azure DevOps group and add it to existing Azure DevOps groups.

az devops security group create --name 'Some group name'
--groups 'vssgp.someDescriptorForGroupOne,vssgp.someDescriptorForGroupTwo'

Optional Parameters

--description

Description of Azure DevOps group.

--detect

Automatically detect organization.

accepted values: false, true
--email-id

Create new group using the mail address as a reference to an existing group from an external AD or AAD backed provider. Required if name or origin-id is missing.

--groups

A comma separated list of descriptors referencing groups you want the newly created group to join.

--name

Name of Azure DevOps group.

--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

--origin-id

Create new group using the OriginID as a reference to an existing group from an external AD or AAD backed provider. Required if name or email-id is missing.

--project -p

Name or ID of the project in which Azure DevOps group should be created.

--scope

Create group at project or organization level.

accepted values: organization, project
default value: project

az devops security group delete

Delete an Azure DevOps group.

az devops security group delete --id
                                [--detect {false, true}]
                                [--org]
                                [--yes]

Required Parameters

--id

Descriptor of the group.

Optional Parameters

--detect

Automatically detect organization.

accepted values: false, true
--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

--yes -y

Do not prompt for confirmation.

az devops security group list

List all the groups in a project or organization.

az devops security group list [--continuation-token]
                              [--detect {false, true}]
                              [--org]
                              [--project]
                              [--scope {organization, project}]
                              [--subject-types]

Optional Parameters

--continuation-token

If there are more results that can't be returned in a single page, the result set will contain a continuation token for retrieval of the next set of results.

--detect

Automatically detect organization.

accepted values: false, true
--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

--project -p

List groups for a particular project.

--scope

List groups at project or organization level.

accepted values: organization, project
default value: project
--subject-types

A comma separated list of user subject subtypes to reduce the retrieved results. You can give initial part of descriptor [before the dot] as a filter e.g. vssgp,aadgp.

az devops security group show

Show group details.

az devops security group show --id
                              [--detect {false, true}]
                              [--org]

Required Parameters

--id

Descriptor of the group.

Optional Parameters

--detect

Automatically detect organization.

accepted values: false, true
--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.

az devops security group update

Update name AND/OR description for an Azure DevOps group.

az devops security group update --id
                                [--description]
                                [--detect {false, true}]
                                [--name]
                                [--org]

Required Parameters

--id

Descriptor of the group.

Optional Parameters

--description

New description for Azure DevOps group.

--detect

Automatically detect organization.

accepted values: false, true
--name

New name for Azure DevOps group.

--org --organization

Azure DevOps organization URL. You can configure the default organization using az devops configure -d organization=ORG_URL. Required if not configured as default or picked up via git config. Example: https://dev.azure.com/MyOrganizationName/.