Its best to use a dedicated service account for this action (eg backrightup@example.com) so that any personal account, when leaving the org, is not removed.

1) Check which account you're authenticated as. Login to Backrightup and click here: https://backrightup.com/Identity/Account/Manage/IntegrationSettings

Check which account you have authenticated with

2) Click on the "Reauthenticate" button.

3) In the next tab over to your Backrightup website tab (very important: same session), login to Azure devops with the new service account or account you will use to authenticate.

4) Now check the following about this account:

a) Now check that exact account is in the Project Collection Administrators group (under Organisation settings - if you cant see that link in your Azure Devops it means you have incorrect permissions. Your account needs to be in this group. They MUST match)
project collection administrators group

b) Next check your account has repo access. The first image shows an account with repo access. The next shows an account without repo access. Note the left hand menus and the lack of repos menu item. This means that administrators in your organisation have likely broken the inheritance structure of the permissions and given repos different access to the rest of the org.

Repo access

No repo access

c) Next check that you have the following setup under 'Policies':

Conditional Access policies and Third Party apps

i) IP Restrictions (Disable Azure Active Directory Conditional Access Policy)**

You can setup IP restrictions on your Azure Devops Tenant by enabling the Azure Active Directory Conditional Access Policy. Please check that you are not restricting access via IP Address otherwise Backrightup may not be able to connect.

ii) Third-party application access via OAuth (Enabled)**

We connect via oAuth as this is safest for all parties - using rotational keys expiring every hour. Please enable this for Backrightup to work

d) Check your license of your authenticated user is NOT "stakeholder". It should be basic license or above:



5). If you are logged into your Azure devops account in your second tab, go ahead and grab the organisation name from the browser url and type it into the "Organisation" text box



6) We recommend you choose "Full access" as this gives you the ability to run restores. You can always change this to "read-only" later. Remember we NEVER delete or overwrite anything in your Azure Devops account

7) Click "Connect" to continue. Use the other guides in this knowledgebase to update settings.

On the following page you will be asked to give permissions to your Azure Devops. Please scroll down to the bottom of the page and click "Accept". This can take a little while to process. Please be patient.



9). You should be connected and backups will begin automatically.
Was this article helpful?
Cancel
Thank you!