@zerofltexx commented Nov 9, 2025

Add Azure DevOps Enterprise Integration Support

Add support for Azure DevOps as an enterprise identity provider with automatic organization discovery. The
integration uses Azure AD app registration for authentication and automatically discovers user organizations
via the Azure DevOps Accounts API. This is to support OpenHands/OpenHands/pull/11667

Changes:

  • Add azureDevOps configuration to values.yaml with tenant ID and secret support
  • Add Azure DevOps environment variables and Keycloak configuration
  • Add ingress route for Azure DevOps integration endpoint
  • Update README with Azure DevOps setup instructions including secret configuration
  • Use auto-discovery for organizations instead of manual configuration

Description

This PR adds Azure DevOps as a supported enterprise identity provider, following the same integration pattern
as existing providers (GitHub, GitLab, Bitbucket).

Key Features:

  • Automatic Organization Discovery: Users' Azure DevOps organizations are automatically discovered via the
    Azure DevOps Accounts API, eliminating the need for manual configuration
  • Multi-tenant Support: Supports both single-tenant and multi-tenant Azure AD applications through the
    configurable tenantId field
  • Keycloak Integration: Fully integrated with the existing Keycloak authentication flow

Implementation Details:

  • The integration uses Azure AD app registration for OAuth authentication
  • Organization discovery happens automatically when users authenticate - the system queries the Azure DevOps
    Accounts API
  • The configuration includes a dedicated Kubernetes secret (azuredevops-app) for storing client credentials
  • Added ingress route /integration/azuredevops/* for Azure DevOps-specific endpoints

Helm Chart Checklist

  • I have updated the version field in Chart.yaml for each modified chart
  • I have tested the chart upgrade path from the previous version
  • I have verified backwards compatibility with existing values.yaml configurations
  • I have updated the chart's README.md if there are any breaking changes or new required values

Additional Notes

Backwards Compatibility:
This change is fully backwards compatible. The Azure DevOps integration is disabled by default
(azureDevOps.enabled: false) and requires explicit configuration to enable.

Documentation:
Complete setup instructions have been added to the README, including:

  • Step-by-step Azure AD app registration process
  • Kubernetes secret creation commands
  • Example site-values.yaml configuration with all required fields

Testing:
To test this integration, you'll need:

  1. An Azure AD tenant with app registration permissions
  2. Access to an Azure DevOps organization
  3. The ability to create Kubernetes secrets in your test environment

@zerofltexx force-pushed the feat/azure-devops-enterprise-support branch from 463deaa to 8211a9e on November 9, 2025 12:37
@zerofltexx force-pushed the feat/azure-devops-enterprise-support branch from 556f4cd to 97b5cbf on November 20, 2025 14:43
Add support for Azure DevOps as an enterprise identity provider with automatic organization discovery. The integration uses Azure AD app registration for authentication and automatically discovers user organizations via the Azure DevOps Accounts API.

Changes:
- Add azureDevOps configuration to values.yaml with tenant ID and secret support
- Add Azure DevOps environment variables and Keycloak configuration
- Add ingress route for Azure DevOps integration endpoint
- Update README with Azure DevOps setup instructions including secret configuration
- Use auto-discovery for organizations instead of manual configuration
@zerofltexx force-pushed the feat/azure-devops-enterprise-support branch from 97b5cbf to deed8ff on November 20, 2025 14:45