Set up Multi-Tenant Authentication with Azure DevOps
Do you have multiple tenants and want to set up Swimm with Azure DevOps?
Azure DevOps users typically have one primary "tenant" and can also be "guests" or "members" of external tenants.
To use Swimm with multiple ADO tenants, each tenant must be uniquely linked to one Swimm workspace, requiring a custom authentication app for each tenant and Swimm workspace.
One ADO tenant = One Swimm workspace
- Navigate to your workspace settings and create a new workspace for each tenant.
We will use Microsoft Entra as the authentication provider for Azure DevOps to use one authentication mechanism for all tenants.
Prerequisites
- Each tenant and Azure DevOps organization must be connected to Microsoft Entra.
- The user must be a member or guest of the tenant to access.
- The user has at least one role in the tenant.
Please follow these steps:
Create a custom Entra authentication app
Create Application (7 steps)
- New Registration
- Register Application
- Add Platform
- Redirect URI
- API Permissions
- App Secret
- Review Info
- Navigate to https://entra.microsoft.com/
- Go to Applications > App registrations and click New registration.
- On the Register an application page, fill in the application name swimm-authentication-app.
- Under Supported account type, select Multitenant only.
- Click Register.
- Go to Authentication > Platform configurations and click Add a platform.
- Select Web as the configured platform.
- Under Redirect URIs, add a redirect URI for each tenant you want to access through Swimm. The redirect URIs should follow this format:
https://app.swimm.io/azureAuth?git_hosting=login.microsoftonline.com&tenant_id=<your tenant-id>
- Additional URIs can be added on the main app page.
- Navigate to the API permissions tab and click on Add a permission.
- Select Azure DevOps in the Request API permissions panel. Under vso select the following permissions:
vso.code_write
vso.profile
vso.project
- Confirm the app shows the following API permissions.
- Click Grant admin consent for <your tenant> to prevent each user from having to approve these permissions individually when they first log in to Swimm.
- Navigate to Certificates & secrets and add a New client secret.
- Add description and expiration time to client secret. Click Add.
- Save the Client secret generated to send to Swimm.
Gather information to send to Swimm in the final step.
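To check a finished registration against the settings above, this added example (not Swimm's or Microsoft's code) audits an application object exported from Microsoft Graph for the account type, the per-tenant redirect URIs and the client secret expiry. The field names are Microsoft Graph application properties; the tenant IDs, the sample object and the 30-day expiry threshold are constructed assumptions.

```python
import re
from datetime import datetime, timezone

GUID = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)
REDIRECT = ("https://app.swimm.io/azureAuth"
            "?git_hosting=login.microsoftonline.com&tenant_id={}")

def swimm_redirect_uri(tenant_id):
    """Build the per-tenant redirect URI in the format given above."""
    if not GUID.fullmatch(tenant_id):
        raise ValueError(f"tenant id is not a GUID: {tenant_id!r}")
    return REDIRECT.format(tenant_id)

def audit_app(app, tenant_ids, now, min_days=30):
    """Return a list of findings for an exported application object (dict)."""
    findings = []
    audience = app.get("signInAudience")
    if audience != "AzureADMultipleOrgs":  # "Multitenant only" in the portal
        findings.append(f"signInAudience is {audience!r}")
    expected = {swimm_redirect_uri(t) for t in tenant_ids}
    registered = set(app.get("web", {}).get("redirectUris", []))
    findings += [f"missing redirect URI: {u}" for u in sorted(expected - registered)]
    findings += [f"unexpected redirect URI: {u}" for u in sorted(registered - expected)]
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret")
    for s in secrets:
        # Timestamps without fractional seconds are assumed in this sample.
        end = datetime.fromisoformat(s["endDateTime"].replace("Z", "+00:00"))
        days = (end - now).days
        if days < min_days:  # min_days is an assumed rotation threshold
            findings.append(f"secret {s.get('displayName')!r} expires in {days} days")
    return findings

# Constructed sample data, not from a real tenant.
TENANT_A = "11111111-1111-1111-1111-111111111111"
TENANT_B = "22222222-2222-2222-2222-222222222222"
SAMPLE_APP = {
    "displayName": "swimm-authentication-app",
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "web": {"redirectUris": [swimm_redirect_uri(TENANT_A),
                             "http://localhost:3000/callback"]},
    "passwordCredentials": [{"displayName": "swimm",
                             "endDateTime": "2025-01-10T00:00:00Z"}],
}
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for finding in audit_app(SAMPLE_APP, [TENANT_A, TENANT_B], NOW):
        print("FINDING:", finding)
```

An empty result means the object matches the registration steps for the tenants listed; any redirect URI outside the per-tenant set is reported so it can be reviewed or removed.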