Azure DevOps user management

0
votes

I have some questions about user management in Azure DevOps.

Organization is connected to Azure AD. In Organization settings, Users tab - you can see a list of all users and their access level. Makes sense. However, it's not a full list and it does not display users that were added directly to a project team. That, in my opinion, full list of users can be seen in Settings -> Permissions -> Users.

Why are users, added to a project, not visible in organization users list? is it because of licensing? and what access level (Basic/stakeholder) users have if they are added to a project and not the org?

Can/should adding members directly to project be restricted using organization settings?

1
azure-devopsazure-active-directory

1 Answers

0
votes

Why are users, added to a project, not visible in organization users list? is it because of licensing?

Generally to say, yes.

Let's exclude the AAD part on this operation scenario. Because even if there's no AAD backed into organization, the PCA member can still add one external user into project directly.

To express more detailed: The user will be assigned the access permission to this organization only while you add this user direct to project instead of organization. Note: Just access permission, but none-licenses (Basic, license assign and etc). Also, there's no notification mail sent to this user.

At this time, you can only view his account exists in this org from Permission => Users tab.

BUT

Once the user visits the org through that account for first time, that is the time of this account has active access history in the org, the licenses will be assigned to this account automatically by system at this time.

For which licenses will be assigned, this depends on your organization. Firstly, the system will detect whether it still has available Basic licenses exists on this org. If yes, this account will be assigned with Basic license. If there's no available Basic left, what this account assigned is Stakeholder.

To nutshell, the order that system used to picks and assigns licenses automatically is Basic => Stakeholder.

Also, you will see this account displayed in Users panel which under organization setting.

What access level (Basic/stakeholder) users have if they are added to a project and not the org?

I think I have give the reply on this puzzle in above. Just refer to that.

Can/should adding members directly to project be restricted using organization settings?

This needs to be considered in two time periods.

First is you add the account into project, and the user hasn't login with this account yet.

In this time period, what you can do in organization setting is change its collection-level permissions from Permission => Users => Specific permission setting. You can not do assign Project Administrator/Contributor/Reader at this time.

The Project Administrator/Contributor/Reader assignment can only be achieved after the user login the organization.