18

I have created an Azure DevOps organization. I have created it with my outlook account. I want to connect it to Azure Active Directory (AAD), Default Directory, on my Azure portal. I am using the free account on Azure portal which allows me to have one subscription. The AAD directory is shown below:

enter image description here

I want to connect my Azure DevOps organization to Azure Active Directory. I am using the same user in Azure portal and Azure DevOps. I have basically created both by the same account. I am following the instruction at this link to connect Azure DevOps organization to Azure AD. I emphasize that in my case both are created by the same email. However, in Azure DevOps Organization settings, by clicking on "connect directory" under "Azure Active Directory", I get an error that: "User [email protected] is a guest in the target AAD tenant Default Directory. The current organization policy does not allow guest users to access the organization. Change the policy setting to allow external guest access and try again."

This is what I see at organization settings in DevOps:

Azure DevOps Organization Settings

This is the error when I try to connect it to AAD:

enter image description here

When I check my user in Azure Active Directory I can see it has global admin role, and is a member, not guest! It is after all the user by which I have created this account and all the resources: (It is the user on the second row:)

User in AAD

As mentioned earlier, this user has global administrator role:

enter image description here

I also tried changing my policies at AAD side to be able to connect my DevOps project to AAD, but again it fails. This is how the policies are:

external collaboration policy

I basically don't know what else I should do to connect DevOps to AAD. Any help is appreciated.

Improve this question
5
  • I’m voting to close this question because it belongs on devops.stackexchange.com Commented Dec 27, 2021 at 22:19
  • Hi @E. Erfan, Did you mansage to solve this issue? Commented Jan 24, 2022 at 20:38
  • 1
    @farp332 yes, by following the answer, and switching my tenant at Azure DevOps to match the one in Azure portal, the issue was resolved. I however couldn't figure out how to connect Azure DevOps to another AAD organization in portal by using AAD policies. Commented Jan 25, 2022 at 0:41
  • 1
    It appears this does not work if you already created an organization in Microsoft Directory and want to move it out. The instructions at learn.microsoft.com/en-us/azure/devops/organizations/accounts/… assume your organization is already connected to AD, but if it isn't then the "switch directory" button is missing. Commented Nov 15, 2022 at 17:08
  • @davex_ - did you figure out how to get the existing organizations ported over to new tenant (Default Directory)? Commented May 17, 2023 at 4:46

5 Answers 5

Reset to default
18

When you log in to Azure DevOps, it logs in with Microsoft Directory.

You need to switch the tenant to your default directory

enter image description here

Then you would be able to link your Azure AD tenant to your Azure DevOps Organization

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Thank you @RamaraoAdapa-MT. I switched to Default Directory as you said, and made a project, I can see it is now connected to Default Directory of AAD. For the sake of completeness, when I click switch to connect to another AAD, again it gives me the same error: "User [email protected] is a guest in the target AAD tenant AAD_Directory_Name. The current organization policy does not allow guest users to access the organization. Change the policy setting to allow external guest access and try again." Does it mean that always these two resources must be in the same AAD to be able to connect?
The AAD tenant should be same as the DevOps tenant to connect
Same problem here. This is an atrociously bad UX, not only was the error message totally misleading, I had to read this answer multiple times before I understood that I had to find yet another place where I need to set the active directory. What the hell is "Microsoft Directory", and why is that a reasonable default, as opposed to just using the directory selected on portal?
Gross, I had all my projects setup in the wrong directory... now I have to move them over ughhh
When i said "now I have to move them over"... yes, i meant manually recreate everything. :(
|
5

A solution that doesn't require creating a new Azure DevOps organization

Due to the fact that all solutions suggest creating a new organization - which is not always possible, for example due to the requirement of using a new name - my solution doesn't require creating a new organization.

  1. Go to the Azure Active Directory service in your directory and create a new user. enter image description here
  2. Add the newly created user to the Azure DevOps organization (the email might look like [email protected]).
  3. Log in with this user ([email protected]) in incognito mode in your web browser to the Azure DevOps organization.
  4. Go back to your Azure Devops organization (logged using Microsoft Account) and transfer ownership of the organization to the newly created user ([email protected]).
  5. Remove unnecessary users (optional).
  6. At this point, you can link the organization with Azure Active Directory.

Once the organization is linked to Azure Active Directory, you can change the organization's owner and remove the temporary account from the organization and AD ([email protected]).

Improve this answer

Comments

1

Switch to right Directory when creating new organization in devops:

enter image description here

Improve this answer

Comments

0

I actually read the answer many times but still did not understand. After spending a lot of time I realized after deleting my organization when we are on dev.azure.com when we login we need to select the right directory in the popp-up.

Improve this answer

Comments

0

Click on the link and Change the Microsoft Directory To Default Directory. This solves the issue.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.