> ## Documentation Index
> Fetch the complete documentation index at: https://docs.qodo.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Install Qodo on Azure DevOps

> Install Qodo on Azure DevOps for automated code review.

<Note>
  * Available for both single-tenant and multi-tenant Qodo environments.
  * Not sure which deployment model you need? See [Install Qodo in your Git provider](/install-and-configure/install) for a full comparison, or [check your deployment type](/deployment-models#check-your-deployment-type).
</Note>

<Note>
  **Already using Qodo on Azure DevOps?** Migrating to the new wizard gives you full access to available Qodo features, better performance and reliability, and ensures your installation appears on the [Repositories page](/governance/repositories). See the [Migration guide](/install-and-configure/install/azure-devops/migration).
</Note>

Qodo works natively with Azure DevOps, using Microsoft Entra ID to authenticate and authorize access to Azure DevOps APIs, pull request workflows, and Azure Boards work items.

You can configure Qodo for a single repository or project, or expand it across multiple projects within your Azure DevOps organization.

Configuration typically takes around 5–10 minutes. The wizard supports two authentication methods:

* **OAuth app registration** (recommended): Best for enterprise environments. Uses Azure AD app registration for automated access.
* **Personal access token (PAT)**: Suitable when Azure AD admin access is unavailable.

Once installed, Qodo automatically processes pull requests and delivers actionable insights, such as code reviews, descriptions, and improvement suggestions, directly within your Azure DevOps workflow.

## Prerequisites

Before you begin, ensure you have:

* Access to your Qodo portal.
* A Qodo environment configured for Azure DevOps (provided by your Qodo Account Manager).

Based on your authentication method, you need:

* **OAuth**: Azure AD administrator permissions to create app registrations and grant admin consent.

  <a id="required-oauth-permissions" />

  <Accordion title="Required OAuth permissions">
    Before installing Qodo for Azure DevOps, verify that your organization meets all of the requirements below. Missing any of these prerequisites may cause installation or authorization failures.

    #### 1. Verify Microsoft Entra ID (Azure AD) permissions

    Qodo requires authorization through Microsoft Entra ID. The person performing the installation must have one or both of the following roles:

    * `Global Administrator` (recommended)
    * `Cloud Application Administrator`

    **How to check**

    1. Open the [Microsoft Entra admin center](https://entra.microsoft.com).
    2. Navigate to **Identity > Users > Your User > Assigned Roles**.
    3. Verify that one of the required roles is assigned.

    <Note>If the role is missing, contact your Microsoft Entra administrator and request one of the required roles before proceeding.</Note>

    #### 2. Verify Azure DevOps organization permissions

    The installer must be one of:

    * `Organization Owner`
    * `Project Collection Administrator`

    **How to check**

    1. Open Azure DevOps.
    2. Go to **Organization Settings > Permissions**.
    3. Verify your account belongs to `Project Collection Administrators` or `Organization Owners`.

    <Note>If missing, ask an Azure DevOps administrator to grant the required access.</Note>

    #### 3. Verify application installation permissions

    Your organization must allow administrators to install Azure DevOps applications. Confirm that you can:

    * Install marketplace applications
    * Create service connections
    * Authorize applications

    <Note>If unsure, ask your Azure DevOps administrator whether marketplace app installation is permitted for your account.</Note>

    #### 4. Verify user license availability

    Qodo requires an Azure DevOps Basic license.

    1. In Azure DevOps, go to **Organization Settings > Users**.
    2. Verify that at least one `Basic` license is available and that your organization has not reached its user limit.

    <Warning>Installation may fail if all Basic licenses are already assigned.</Warning>

    #### 5. Verify admin consent policies

    Your organization may block third-party application authorization. Verify with your Entra administrator that:

    * Admin consent can be granted for applications
    * Third-party applications are allowed
    * No tenant policies block application registration or authorization

    **Where to check:** In the Microsoft Entra admin center, go to **Identity > Applications > Enterprise Applications > Consent and Permissions**.

    #### 6. Verify enterprise application restrictions

    Some organizations use security policies that restrict which applications can be installed. Ask your Entra administrator to confirm:

    * Qodo applications are allowed by tenant policy
    * No Conditional Access policy blocks application authorization
    * No App Governance policy blocks third-party applications

    #### 7. Verify repository access requirements

    After installation, Qodo must be able to access Azure DevOps resources. Confirm that the installation account has access to:

    * Azure DevOps projects
    * Repositories
    * Pull requests
    * Service hooks and webhooks
  </Accordion>

* **PAT**: A personal access token with the required scopes.

  <Accordion title="Required PAT permissions">
    **Before you begin**

    * Ensure you are added to the required Azure DevOps organization.
    * Ensure you have sufficient permissions to create and manage Service Hooks (webhooks), as well as repository and pull request access.

    **Recommended setup**

    * To allow access across all projects: Add the PAT user to **Organization Settings > Permissions > Project Collection Administrators**.

    * To allow access only to specific projects: Add the PAT user to the target project via **Project Settings > Permissions > Project Administrators**, or via **Organization Settings > Users > Manage users**.

      Project-scoped access is recommended when integration is needed only for selected projects.

    **Create your personal access token**

    1. Go to [Azure DevOps](https://dev.azure.com/).
    2. Open **User Settings** in the top-right corner.
    3. Select **Personal Access Tokens** from the dropdown.

    <Frame>
      <img src="https://mintcdn.com/qodo/k1-Z1YpYgYODtfPV/images/code-review/azure-devops/ado-pat-create-user-settings-dropdown.png?fit=max&auto=format&n=k1-Z1YpYgYODtfPV&q=85&s=8b28b501c9359371b8a53ff795958678" alt="Azure DevOps user settings dropdown showing Personal Access Tokens option" width="2470" height="1576" data-path="images/code-review/azure-devops/ado-pat-create-user-settings-dropdown.png" />
    </Frame>

    4. Click **New Token**.

    <Note>
      The **Organization** dropdown controls the token's scope. Selecting a specific organization restricts the token to that organization only. Selecting **All accessible organizations** grants access across all organizations.
    </Note>

    <Frame>
      <img src="https://mintcdn.com/qodo/btR8CPSwRlOARA5M/images/code-review/azure-devops/ado-pat-create-new-token.png?fit=max&auto=format&n=btR8CPSwRlOARA5M&q=85&s=3a21ceae8730bf84c7667d4ee4b66095" alt="Azure DevOps Create a new personal access token dialog showing Name field, Organization dropdown with specific organization and All accessible organizations options, and Scopes section with Custom defined selected" width="1402" height="796" data-path="images/code-review/azure-devops/ado-pat-create-new-token.png" />
    </Frame>

    **Required scopes**

    <Note>
      PAT scopes alone are not sufficient. The user who creates the PAT must also have project-level permissions (typically **Project Admin**) for webhook creation and PR operations to succeed.
    </Note>

    | Scope                | Access       | Purpose                                    |
    | -------------------- | ------------ | ------------------------------------------ |
    | Code                 | Read & Write | Repository and PR access.                  |
    | Project and Team     | Read & Write | Webhook (Service Hooks) management.        |
    | Pull Request Threads | Read & Write | Commenting on pull requests.               |
    | Wiki                 | Read & Write | Read, create, and update the project wiki. |
  </Accordion>

## Access the Azure DevOps integration

<Steps>
  <Step>
    Log in to your [Qodo portal](https://app.qodo.ai/signin).
  </Step>

  <Step>
    From the left-hand navigation menu, select **Integrations**.
  </Step>

  <Step>
    Locate the **Azure DevOps** integration card and click **Add installation** to launch the installation wizard.
  </Step>
</Steps>

## Install Qodo on Azure DevOps

<Steps>
  <Step title="Installation type">
    Select the authentication method that fits your environment. OAuth app registration is selected by default. If you are using a personal access token instead, select the **Personal access token (PAT)** tab below. Steps 2 and 3 do not apply. Proceed directly to Step 4.

    <Frame>
      <img src="https://mintcdn.com/qodo/k1-Z1YpYgYODtfPV/images/code-review/azure-devops/ado-oauth-step-1-installation-type.png?fit=max&auto=format&n=k1-Z1YpYgYODtfPV&q=85&s=ea734519f05d7f2c475ef4984f6ef3eb" alt="Azure DevOps installation type screen showing OAuth app registration and PAT options" width="1712" height="1390" data-path="images/code-review/azure-devops/ado-oauth-step-1-installation-type.png" />
    </Frame>

    <Tabs>
      <Tab title="OAuth app registration (Recommended)">
        This method connects using Azure AD app registration and is best for enterprise security and automated access.

        **Rules and guidelines**

        * The Qodo master app is used only for installation and lifecycle management.
        * Day-to-day Azure DevOps operations use the tenant-specific Qodo-code-review app.
        * Removing the Qodo master app may prevent reinstall, repair, or uninstall operations.
        * A Microsoft Entra ID (work or school) account is required. Personal Microsoft accounts are not supported for organizational consent and Azure DevOps app installation.

        During installation, Qodo will:

        1. Use the Qodo master app to securely configure the integration.
        2. Create a tenant-specific Azure application named Qodo-code-review.
        3. Grant it Azure DevOps access required for PR analysis and webhooks.
        4. Store the generated credentials securely for integration management.

        Click **Continue** to proceed to the manifest review.
      </Tab>

      <Tab title="Personal access token (PAT)">
        <a id="pat-installation" />

        This method connects using a personal access token and is suitable when Azure AD admin access is unavailable.

        <Steps>
          <Step title="Enter your token">
            Enter your personal access token in the field provided.

            <Frame>
              <img src="https://mintcdn.com/qodo/k1-Z1YpYgYODtfPV/images/code-review/azure-devops/ado-pat-step-1-pat-token-input.png?fit=max&auto=format&n=k1-Z1YpYgYODtfPV&q=85&s=108419864a8c88e28a6d65702f689b5b" alt="Azure DevOps installation type screen with PAT selected and personal access token input field" width="1716" height="1396" data-path="images/code-review/azure-devops/ado-pat-step-1-pat-token-input.png" />
            </Frame>

            <Accordion title="Token validation errors">
              * **Failed to validate PAT:** the token was copied incomplete. Check that the full token was pasted and try again.

                              <Frame>
                                <img src="https://mintcdn.com/qodo/k1-Z1YpYgYODtfPV/images/code-review/azure-devops/ado-pat-step-1-error-failed-validation.png?fit=max&auto=format&n=k1-Z1YpYgYODtfPV&q=85&s=0ca00bb4eb7ce819decdda119f493ffb" alt="Azure DevOps PAT validation showing Failed to validate PAT error" width="1900" height="1546" data-path="images/code-review/azure-devops/ado-pat-step-1-error-failed-validation.png" />
                              </Frame>

              * **Invalid Personal Access Token:** the token is expired or revoked. Generate a new token and try again.

                              <Frame>
                                <img src="https://mintcdn.com/qodo/k1-Z1YpYgYODtfPV/images/code-review/azure-devops/ado-pat-step-1-error-invalid-token.png?fit=max&auto=format&n=k1-Z1YpYgYODtfPV&q=85&s=6bef706b0a85c12aa9b7b8f3a0c9f340" alt="Azure DevOps PAT validation showing org URL field and Invalid Personal Access Token error" width="1900" height="1564" data-path="images/code-review/azure-devops/ado-pat-step-1-error-invalid-token.png" />
                              </Frame>
            </Accordion>
          </Step>

          <Step title="Organization URL (if prompted)">
            If the **Organization URL** field appears, enter your org URL in the format `https://dev.azure.com/{your-organization}`.

            <Note>
              The field appears in two cases:

              * **Single-org scoped token**: Your token has limited scope. Enter the URL to proceed.
              * **Expired or revoked token**: The field appears, but entering the org URL will result in an "Invalid Personal Access Token" error. Regenerate your token and try again.
            </Note>

            <Frame>
              <img src="https://mintcdn.com/qodo/k1-Z1YpYgYODtfPV/images/code-review/azure-devops/ado-pat-step-1-organization-url.png?fit=max&auto=format&n=k1-Z1YpYgYODtfPV&q=85&s=3fbd57206fbe95e9872162dc4c0a10f4" alt="Azure DevOps installation type screen with PAT selected showing Organization URL field" width="1696" height="1392" data-path="images/code-review/azure-devops/ado-pat-step-1-organization-url.png" />
            </Frame>
          </Step>

          <Step title="Continue">
            Click **Continue** to proceed to repository selection.
          </Step>
        </Steps>
      </Tab>
    </Tabs>
  </Step>

  <Step title="Review manifest">
    <Note>
      OAuth only. PAT users: skip to Step 4.
    </Note>

    <Steps>
      <Step title="Review the manifest">
        Review the application manifest before installation.

        <Frame>
          <img src="https://mintcdn.com/qodo/k1-Z1YpYgYODtfPV/images/code-review/azure-devops/ado-oauth-step-2-review-manifest.png?fit=max&auto=format&n=k1-Z1YpYgYODtfPV&q=85&s=f11c4c23addabf3520b0370407497833" alt="Azure DevOps review manifest screen showing JSON permissions and scopes" width="1710" height="1396" data-path="images/code-review/azure-devops/ado-oauth-step-2-review-manifest.png" />
        </Frame>

        The manifest defines the Microsoft Graph permissions Qodo requires:

        | Permission                               | Description                                                                                                                                         |
        | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- |
        | `Application.ReadWrite.All`              | Allows Qodo to create and manage the webhook app registration, create its service principal, and generate a client secret in the customer's tenant. |
        | `DelegatedPermissionGrant.ReadWrite.All` | Allows Qodo to grant tenant-wide admin consent for the Azure DevOps delegated permission required by the generated webhook app.                     |
      </Step>

      <Step>
        Click **Continue**.
      </Step>
    </Steps>
  </Step>

  <Step title="Install guide">
    <Note>
      OAuth only. PAT users: skip to Step 4.
    </Note>

    The wizard displays a guide for the two steps that will take place in Microsoft's environment. Review them below, then click **Install** to proceed.

    <Steps>
      <Step title="Azure Admin">
        Qodo requires temporary Microsoft Graph permissions to:

        * Create the tenant-specific Qodo-code-review application.
        * Generate its credentials.
        * Grant Azure DevOps access required for the integration.
        * Manage future updates and uninstall operations.

        An Azure administrator must approve the Qodo master app. The approval process occurs on Microsoft's consent screen and may take up to one minute.

        <Frame>
          <img src="https://mintcdn.com/qodo/k1-Z1YpYgYODtfPV/images/code-review/azure-devops/ado-oauth-step-3-install-guide-azure-admin.png?fit=max&auto=format&n=k1-Z1YpYgYODtfPV&q=85&s=c810f5e95a68a879e27641df287a4726" alt="Azure DevOps install guide showing Azure Admin step with Microsoft permissions requested preview" width="1706" height="1402" data-path="images/code-review/azure-devops/ado-oauth-step-3-install-guide-azure-admin.png" />
        </Frame>
      </Step>

      <Step title="Add organization authorization">
        This step allows Qodo to:

        * Access repositories selected for code review.
        * Create and manage webhooks.
        * Analyze pull requests.
        * Post review feedback.

        An Azure DevOps administrator must approve access for the generated Qodo-code-review application. You are redirected to Azure DevOps to complete authorization. This process might take up to a minute.

        <Frame>
          <img src="https://mintcdn.com/qodo/k1-Z1YpYgYODtfPV/images/code-review/azure-devops/ado-oauth-step-3-install-guide-ado-admin.png?fit=max&auto=format&n=k1-Z1YpYgYODtfPV&q=85&s=b3e82afd7b7efb5d8e9d43d2a7bd87b0" alt="Azure DevOps install guide showing ADO Admin step with Microsoft Pick an account preview" width="1712" height="1396" data-path="images/code-review/azure-devops/ado-oauth-step-3-install-guide-ado-admin.png" />
        </Frame>
      </Step>
    </Steps>

    * Click **Install** (opens in a new tab) to begin.
  </Step>

  <Step title="Connect repositories">
    <Steps>
      <Step title="Find your repositories">
        Use the search bar to find specific repositories, or browse the tree: **Organization > Projects > Repositories**.

        <Frame>
          <img src="https://mintcdn.com/qodo/k1-Z1YpYgYODtfPV/images/code-review/azure-devops/ado-oauth-step-4-connect-repositories.png?fit=max&auto=format&n=k1-Z1YpYgYODtfPV&q=85&s=1e98b6245bb1d725962ce748ff4587ea" alt="Azure DevOps connect repositories screen showing org, project, and repository tree with checkboxes" width="1714" height="1394" data-path="images/code-review/azure-devops/ado-oauth-step-4-connect-repositories.png" />
        </Frame>

        This step may take up to a minute to load.
      </Step>

      <Step title="Select repositories">
        Select individual repositories, an entire project, or the full organization.

        <Note>
          Repositories that already have Qodo installed are not available for selection. To reinstall, remove the existing installation first.
        </Note>
      </Step>

      <Step title="Continue">
        Click **Setup** to continue. If you see an error, see [Required OAuth permissions](#required-oauth-permissions).
      </Step>
    </Steps>
  </Step>

  <Step title="Check connection">
    Qodo automatically sets up the required webhooks.

    <Frame>
      <img src="https://mintcdn.com/qodo/k1-Z1YpYgYODtfPV/images/code-review/azure-devops/ado-oauth-step-5-check-connection.png?fit=max&auto=format&n=k1-Z1YpYgYODtfPV&q=85&s=a3ae736e9bc659e53f464bc40cfe6cb9" alt="Azure DevOps check connection screen showing successful installation confirmation" width="1908" height="1566" data-path="images/code-review/azure-devops/ado-oauth-step-5-check-connection.png" />
    </Frame>

    Once complete, a confirmation is displayed.

    * Click **Sync** to proceed.
  </Step>

  <Step title="Enable Qodo">
    Qodo is now enabled for the selected repositories.

    <Frame>
      <img src="https://mintcdn.com/qodo/k1-Z1YpYgYODtfPV/images/code-review/azure-devops/ado-oauth-step-6-enable-qodo.png?fit=max&auto=format&n=k1-Z1YpYgYODtfPV&q=85&s=7915e317a179da45183c61d58892da3b" alt="Azure DevOps enable Qodo screen showing connected repositories count and enabled capabilities" width="1908" height="1560" data-path="images/code-review/azure-devops/ado-oauth-step-6-enable-qodo.png" />
    </Frame>

    The confirmation screen shows the number of connected repositories and confirms that AI code review and auto rule generation are active.

    * Click **Finish installation**.
  </Step>
</Steps>

Qodo is now active on the selected repositories. To add repositories, return to this wizard at any time and run a new installation with the updated scope. Repositories that already have Qodo installed are not available for selection. To reduce scope, remove the installation and create a new one.

## Verify the installation

<Steps>
  <Step>
    Open a new pull request in one of the connected repositories and confirm Qodo is triggered automatically.
  </Step>

  <Step>
    Add a comment using one of the supported commands:

    * `/agentic_describe`
    * `/agentic_review`

    Qodo should respond with a review or PR summary directly on the pull request.
  </Step>
</Steps>

## Next steps

* [Repositories page](/governance/repositories): Enable or disable Qodo on individual repositories within your current scope, in the Qodo portal.
* [Using Qodo in PRs](/code-review/use-qodo-in-prs): Get the most out of Qodo.
