Install Qodo on Azure DevOps

Available for both single-tenant and multi-tenant Qodo environments.
Not sure which deployment model you need? See Install Qodo in your Git provider for a full comparison, or check your deployment type.

Already using Qodo on Azure DevOps? Migrating to the new wizard gives you full access to available Qodo features, better performance and reliability, and ensures your installation appears on the Repositories page. See the Migration guide.

Qodo works natively with Azure DevOps, using Microsoft Entra ID to authenticate and authorize access to Azure DevOps APIs, pull request workflows, and Azure Boards work items. You can configure Qodo for a single repository or project, or expand it across multiple projects within your Azure DevOps organization. Configuration typically takes around 5–10 minutes. The wizard supports two authentication methods:

OAuth app registration (recommended): Best for enterprise environments. Uses Azure AD app registration for automated access.
Personal access token (PAT): Suitable when Azure AD admin access is unavailable.

Once installed, Qodo automatically processes pull requests and delivers actionable insights, such as code reviews, descriptions, and improvement suggestions, directly within your Azure DevOps workflow.

Prerequisites

Before you begin, ensure you have:

Access to your Qodo portal.
A Qodo environment configured for Azure DevOps (provided by your Qodo Account Manager).

Based on your authentication method, you need:

OAuth: Azure AD administrator permissions to create app registrations and grant admin consent.
Required OAuth permissions
Before installing Qodo for Azure DevOps, verify that your organization meets all of the requirements below. Missing any of these prerequisites may cause installation or authorization failures.

1. Verify Microsoft Entra ID (Azure AD) permissions
Qodo requires authorization through Microsoft Entra ID. The person performing the installation must have one or both of the following roles:
- Global Administrator (recommended)
- Cloud Application Administrator
How to check
1. Open the Microsoft Entra admin center.
2. Navigate to Identity > Users > Your User > Assigned Roles.
3. Verify that one of the required roles is assigned.
If the role is missing, contact your Microsoft Entra administrator and request one of the required roles before proceeding.

2. Verify Azure DevOps organization permissions
The installer must be one of:
- Organization Owner
- Project Collection Administrator
How to check
1. Open Azure DevOps.
2. Go to Organization Settings > Permissions.
3. Verify your account belongs to Project Collection Administrators or Organization Owners.
If missing, ask an Azure DevOps administrator to grant the required access.

3. Verify application installation permissions
Your organization must allow administrators to install Azure DevOps applications. Confirm that you can:
- Install marketplace applications
- Create service connections
- Authorize applications
If unsure, ask your Azure DevOps administrator whether marketplace app installation is permitted for your account.

4. Verify user license availability
Qodo requires an Azure DevOps Basic license.
1. In Azure DevOps, go to Organization Settings > Users.
2. Verify that at least one Basic license is available and that your organization has not reached its user limit.
Installation may fail if all Basic licenses are already assigned.

5. Verify admin consent policies
Your organization may block third-party application authorization. Verify with your Entra administrator that:
- Admin consent can be granted for applications
- Third-party applications are allowed
- No tenant policies block application registration or authorization
Where to check: In the Microsoft Entra admin center, go to Identity > Applications > Enterprise Applications > Consent and Permissions.

6. Verify enterprise application restrictions
Some organizations use security policies that restrict which applications can be installed. Ask your Entra administrator to confirm:
- Qodo applications are allowed by tenant policy
- No Conditional Access policy blocks application authorization
- No App Governance policy blocks third-party applications
7. Verify repository access requirements
After installation, Qodo must be able to access Azure DevOps resources. Confirm that the installation account has access to:
- Azure DevOps projects
- Repositories
- Pull requests
- Service hooks and webhooks

PAT: A personal access token with the required scopes.

Required PAT permissions

Before you begin

Ensure you are added to the required Azure DevOps organization.
Ensure you have sufficient permissions to create and manage Service Hooks (webhooks), as well as repository and pull request access.

Recommended setup

To allow access across all projects: Add the PAT user to Organization Settings > Permissions > Project Collection Administrators.
To allow access only to specific projects: Add the PAT user to the target project via Project Settings > Permissions > Project Administrators, or via Organization Settings > Users > Manage users. Project-scoped access is recommended when integration is needed only for selected projects.

Create your personal access token

Go to Azure DevOps.
Open User Settings in the top-right corner.
Select Personal Access Tokens from the dropdown.

Azure DevOps user settings dropdown showing Personal Access Tokens option

Click New Token.

The Organization dropdown controls the token’s scope. Selecting a specific organization restricts the token to that organization only. Selecting All accessible organizations grants access across all organizations.

Azure DevOps Create a new personal access token dialog showing Name field, Organization dropdown with specific organization and All accessible organizations options, and Scopes section with Custom defined selected

Required scopes

PAT scopes alone are not sufficient. The user who creates the PAT must also have project-level permissions (typically Project Admin) for webhook creation and PR operations to succeed.

Scope	Access	Purpose
Code	Read & Write	Repository and PR access.
Project and Team	Read & Write	Webhook (Service Hooks) management.
Pull Request Threads	Read & Write	Commenting on pull requests.
Wiki	Read & Write	Read, create, and update the project wiki.

Access the Azure DevOps integration

From the left-hand navigation menu, select Integrations.

Locate the Azure DevOps integration card and click Add installation to launch the installation wizard.

Installation type

Select the authentication method that fits your environment. OAuth app registration is selected by default. If you are using a personal access token instead, select the Personal access token (PAT) tab below. Steps 2 and 3 do not apply. Proceed directly to Step 4.

OAuth app registration (Recommended)
Personal access token (PAT)

This method connects using Azure AD app registration and is best for enterprise security and automated access.Rules and guidelines

The Qodo master app is used only for installation and lifecycle management.
Day-to-day Azure DevOps operations use the tenant-specific Qodo-code-review app.
Removing the Qodo master app may prevent reinstall, repair, or uninstall operations.
A Microsoft Entra ID (work or school) account is required. Personal Microsoft accounts are not supported for organizational consent and Azure DevOps app installation.

During installation, Qodo will:

Use the Qodo master app to securely configure the integration.
Create a tenant-specific Azure application named Qodo-code-review.
Grant it Azure DevOps access required for PR analysis and webhooks.
Store the generated credentials securely for integration management.

Click Continue to proceed to the manifest review.

This method connects using a personal access token and is suitable when Azure AD admin access is unavailable.

Enter your token

Enter your personal access token in the field provided.

Azure DevOps installation type screen with PAT selected and personal access token input field

Token validation errors

Failed to validate PAT: the token was copied incomplete. Check that the full token was pasted and try again.
Invalid Personal Access Token: the token is expired or revoked. Generate a new token and try again.

Organization URL (if prompted)

If the Organization URL field appears, enter your org URL in the format https://dev.azure.com/{your-organization}.

The field appears in two cases:

Single-org scoped token: Your token has limited scope. Enter the URL to proceed.
Expired or revoked token: The field appears, but entering the org URL will result in an “Invalid Personal Access Token” error. Regenerate your token and try again.

Azure DevOps installation type screen with PAT selected showing Organization URL field

Continue

Click Continue to proceed to repository selection.

Review manifest

OAuth only. PAT users: skip to Step 4.

Review the manifest

Review the application manifest before installation.

Azure DevOps review manifest screen showing JSON permissions and scopes

The manifest defines the Microsoft Graph permissions Qodo requires:

Permission	Description
`Application.ReadWrite.All`	Allows Qodo to create and manage the webhook app registration, create its service principal, and generate a client secret in the customer’s tenant.
`DelegatedPermissionGrant.ReadWrite.All`	Allows Qodo to grant tenant-wide admin consent for the Azure DevOps delegated permission required by the generated webhook app.

Click Continue.

Install guide

OAuth only. PAT users: skip to Step 4.

The wizard displays a guide for the two steps that will take place in Microsoft’s environment. Review them below, then click Install to proceed.

Azure Admin

Qodo requires temporary Microsoft Graph permissions to:

Create the tenant-specific Qodo-code-review application.
Generate its credentials.
Grant Azure DevOps access required for the integration.
Manage future updates and uninstall operations.

An Azure administrator must approve the Qodo master app. The approval process occurs on Microsoft’s consent screen and may take up to one minute.

Azure DevOps install guide showing Azure Admin step with Microsoft permissions requested preview

Add organization authorization

This step allows Qodo to:

Access repositories selected for code review.
Create and manage webhooks.
Analyze pull requests.
Post review feedback.

An Azure DevOps administrator must approve access for the generated Qodo-code-review application. You are redirected to Azure DevOps to complete authorization. This process might take up to a minute.

Azure DevOps install guide showing ADO Admin step with Microsoft Pick an account preview

Click Install (opens in a new tab) to begin.

Connect repositories

Find your repositories

Use the search bar to find specific repositories, or browse the tree: Organization > Projects > Repositories.

Azure DevOps connect repositories screen showing org, project, and repository tree with checkboxes

This step may take up to a minute to load.

Select repositories

Select individual repositories, an entire project, or the full organization.

Repositories that already have Qodo installed are not available for selection. To reinstall, remove the existing installation first.

Continue

Click Setup to continue. If you see an error, see Required OAuth permissions.

Check connection

Qodo automatically sets up the required webhooks.

Once complete, a confirmation is displayed.

Click Sync to proceed.

Enable Qodo

Qodo is now enabled for the selected repositories.

The confirmation screen shows the number of connected repositories and confirms that AI code review and auto rule generation are active.

Click Finish installation.

Qodo is now active on the selected repositories. To add repositories, return to this wizard at any time and run a new installation with the updated scope. Repositories that already have Qodo installed are not available for selection. To reduce scope, remove the installation and create a new one.

Verify the installation

Open a new pull request in one of the connected repositories and confirm Qodo is triggered automatically.

Add a comment using one of the supported commands:

/agentic_describe
/agentic_review

Qodo should respond with a review or PR summary directly on the pull request.

What’s next

To enable or disable Qodo on individual repositories within your current scope, use the Repositories page in the Qodo portal.
View Using Qodo in PRs to learn about next steps and how to get the most out of Qodo.

​Prerequisites

​1. Verify Microsoft Entra ID (Azure AD) permissions

​2. Verify Azure DevOps organization permissions

​3. Verify application installation permissions

​4. Verify user license availability

​5. Verify admin consent policies

​6. Verify enterprise application restrictions

​7. Verify repository access requirements

​Access the Azure DevOps integration