Install Qodo on Azure DevOps

Available for both single-tenant and multi-tenant Qodo environments.
Not sure which deployment model you need? See Install Qodo in your Git provider for a full comparison, or check your deployment type.

Already using Qodo on Azure DevOps? Migrating to the new wizard gives you full access to available Qodo features and better performance and reliability. See the Migration guide.

Qodo works natively with Azure DevOps, using Microsoft Entra ID to authenticate and authorize access to Azure DevOps APIs, pull request workflows, and Azure Boards work items. You can configure Qodo for a single repository or project, or expand it across multiple projects within your Azure DevOps organization. Configuration typically takes around 5–10 minutes. The wizard supports two authentication methods:

OAuth app registration (recommended): Best for enterprise environments. Uses Azure AD app registration for automated access.
Personal access token (PAT): Suitable when Azure AD admin access is unavailable.

Once installed, Qodo automatically processes pull requests and delivers actionable insights, such as code reviews, descriptions, and improvement suggestions, directly within your Azure DevOps workflow.

Prerequisites

Before you begin, ensure you have:

Access to your Qodo portal.
A Qodo environment configured for Azure DevOps (provided by your Qodo Account Manager).

Based on your authentication method, you need:

OAuth: Azure AD administrator permissions to create app registrations and grant admin consent. Before proceeding, review the requirements and common issues below.
⚠ Common issues and detailed requirements
If you encounter issues, these are common causes:

Missing admin permissions: You cannot create or install the app without Project Collection Administrator access.

No available licenses: The installation fails if no Basic access licenses are available.

Restricted consent policies: Your organization’s Microsoft Azure security policies may block authorization.
Required permissions
To install the app, you must be a Microsoft Entra ID administrator (Cloud Application Administrator or Global Administrator).To complete the setup, you must also be an Azure DevOps organization administrator (Organization Owner or Project Collection Administrator) to add the service principal and grant access to projects, repositories, and webhooks.
How to assign Microsoft Entra ID roles
Go to the Microsoft Entra admin center.

Navigate to Users, select a user, then open Administrative roles.

Click Add assignments.

Assign Global Administrator or Cloud Application Administrator.

Changes may take a few minutes to propagate.
Access rights
- Azure DevOps organization settings.
- User management.
- App registrations in the Azure portal.
- Install and remove applications.
- Manage users and permissions.
Licenses
- At least one Basic access license must be available for the Qodo app user. Free organizations may have a limit (for example, 5 users). If no license is available, the installation fails.
Tenant-level consent and policies
- User consent settings: “Do not allow user consent” may prevent app authorization.
- Admin consent requirements: Your organization may require admin approval for app permissions.
- Microsoft-managed consent policies: These can restrict which apps can be installed or what permissions they can request.

PAT: A personal access token with the required scopes.

Required PAT permissions for setup

Before you begin

Ensure you are added to the required Azure DevOps organization.
Ensure you have sufficient permissions to create and manage Service Hooks (webhooks), as well as repository and pull request access.

Recommended setup

To allow access across all projects: Add the PAT user to Organization Settings → Permissions → Project Collection Administrators.
To allow access only to specific projects: Add the PAT user to the target project via Project Settings → Permissions → Project Administrators, or via Organization Settings → Users → Manage users. Project-scoped access is recommended when integration is needed only for selected projects.

Create your personal access token

Go to Azure DevOps.
Open User Settings in the top-right corner.
Select Personal Access Tokens from the dropdown.

Azure DevOps user settings dropdown showing Personal Access Tokens option

Click New Token.

The Organization dropdown controls the token’s scope. Selecting a specific organization restricts the token to that organization only. Selecting All accessible organizations grants access across all organizations.

Azure DevOps Create a new personal access token dialog showing Name field, Organization dropdown with specific organization and All accessible organizations options, and Scopes section with Custom defined selected

Required scopes

PAT scopes alone are not sufficient. The user who creates the PAT must also have project-level permissions (typically Project Admin) for webhook creation and PR operations to succeed.

Scope	Access	Purpose
Code	Read & Write	Repository and PR access.
Project and Team	Read & Write	Webhook (Service Hooks) management.
Pull Request Threads	Read & Write	Commenting on pull requests.
Wiki	Read & Write	Read, create, and update the project wiki.

Access the Azure DevOps integration

From the left-hand navigation menu, select Integrations.

Locate the Azure DevOps integration card and click Add installation to launch the installation wizard.

Installation type

Select the authentication method that fits your environment. OAuth app registration is selected by default. If you are using a personal access token instead, select the Personal access token (PAT) tab below. Steps 2 and 3 do not apply. Proceed directly to Step 4.

OAuth app registration (Recommended)
Personal access token (PAT)

This method connects using Azure AD app registration and is best for enterprise security and automated access.Rules and guidelines

The Qodo master app is used only for installation and lifecycle management.
Day-to-day Azure DevOps operations use the tenant-specific Qodo-code-review app.
Removing the Qodo master app may prevent reinstall, repair, or uninstall operations.
A Microsoft Entra ID (work or school) account is required. Personal Microsoft accounts are not supported for organizational consent and Azure DevOps app installation.

During installation, Qodo will:

Use the Qodo master app to securely configure the integration.
Create a tenant-specific Azure application named Qodo-code-review.
Grant it Azure DevOps access required for PR analysis and webhooks.
Store the generated credentials securely for integration management.

Click Continue to proceed to the manifest review.

This method connects using a personal access token and is suitable when Azure AD admin access is unavailable.

Enter your token

Enter your personal access token in the field provided.

Azure DevOps installation type screen with PAT selected and personal access token input field

Token validation errors

Failed to validate PAT: the token was copied incomplete. Check that the full token was pasted and try again.
Invalid Personal Access Token: the token is expired or revoked. Generate a new token and try again.

Organization URL (if prompted)

If the Organization URL field appears, enter your org URL in the format https://dev.azure.com/{your-organization}.

The field appears in two cases:

Single-org scoped token: Your token has limited scope. Enter the URL to proceed.
Expired or revoked token: The field appears, but entering the org URL will result in an “Invalid Personal Access Token” error. Regenerate your token and try again.

Azure DevOps installation type screen with PAT selected showing Organization URL field

Continue

Click Continue to proceed to repository selection.

Review manifest

OAuth only. PAT users: skip to Step 4.

Review the manifest

Review the application manifest before installation.

Azure DevOps review manifest screen showing JSON permissions and scopes

The manifest defines the Microsoft Graph permissions Qodo requires:

Permission	Description
`Application.ReadWrite.All`	Allows Qodo to create and manage the webhook app registration, create its service principal, and generate a client secret in the customer’s tenant.
`DelegatedPermissionGrant.ReadWrite.All`	Allows Qodo to grant tenant-wide admin consent for the Azure DevOps delegated permission required by the generated webhook app.

Click Continue.

Install guide

OAuth only. PAT users: skip to Step 4.

The wizard displays a guide for the two steps that will take place in Microsoft’s environment. Review them below, then click Install to proceed.

Azure Admin

Qodo requires temporary Microsoft Graph permissions to:

Create the tenant-specific Qodo-code-review application.
Generate its credentials.
Grant Azure DevOps access required for the integration.
Manage future updates and uninstall operations.

An Azure administrator must approve the Qodo master app. The approval process occurs on Microsoft’s consent screen and may take up to one minute.

Azure DevOps install guide showing Azure Admin step with Microsoft permissions requested preview

Add organization authorization

This step allows Qodo to:

Access repositories selected for code review.
Create and manage webhooks.
Analyze pull requests.
Post review feedback.

An Azure DevOps administrator must approve access for the generated Qodo-code-review application. You are redirected to Azure DevOps to complete authorization. This process might take up to a minute.

Azure DevOps install guide showing ADO Admin step with Microsoft Pick an account preview

Click Install (opens in a new tab) to begin.

Connect repositories

Find your repositories

Use the search bar to find specific repositories, or browse the tree: Organization → Projects → Repositories.

Azure DevOps connect repositories screen showing org, project, and repository tree with checkboxes

This step may take up to a minute to load.

Select repositories

Select individual repositories, an entire project, or the full organization.

Repositories that already have Qodo installed are not available for selection. To reinstall, remove the existing installation first.

Continue

Click Setup to continue. If you see an error, see Common issues and detailed requirements.

Check connection

Qodo automatically sets up the required webhooks.

Once complete, a confirmation is displayed.

Click Sync to proceed.

Enable Qodo

Qodo is now enabled for the selected repositories.

The confirmation screen shows the number of connected repositories and confirms that AI code review and auto rule generation are active.

Click Finish installation.

Qodo is now active on the selected repositories. You can return to this wizard at any time to add more repositories.

Verify the installation

Open a new pull request in one of the connected repositories and confirm Qodo is triggered automatically.

Add a comment using one of the supported commands:

/agentic_describe
/agentic_review

Qodo should respond with a review or PR summary directly on the pull request.

What’s next

View Using Qodo in PRs to learn about next steps and how to get the most out of Qodo.

Documentation Index

​Prerequisites

​Required permissions

​Access rights

​Licenses

​Tenant-level consent and policies

​Access the Azure DevOps integration