Configure Azure Repos and the Git Integration
Configuration for the SnapLogic Git Integration to use Azure Repos.
To use Azure Repos, register SnapLogic with Azure Repos and configure the Git Integration feature in
your SnapLogic environment (Org). Each Azure Repos registration applies to one control plane
(elastic.snaplogic.com, uat.elastic.snaplogic.com, or
emea.snaplogic.com) and covers all environments on that control plane.
Setting up the Azure Repos integration involves three services working together. In Microsoft Entra, you register SnapLogic as a trusted application so Entra can authenticate users and issue access tokens for Azure DevOps. In Azure DevOps, you enable third-party app access so the registered application can reach your repositories. In SnapLogic Admin Manager, you enter the credentials from the registered app so SnapLogic can connect to Azure DevOps on behalf of your users.
When you configure the Git Integration in Admin Manager, SnapLogic connects to Azure DevOps using the Microsoft identity platform (v2.0 endpoint). The connection requires two authorized scopes:
499b84ac-1321-427f-aa17-267ca6975798/.default— Grants access to Azure DevOps resources. The GUID is the fixed Microsoft-defined resource identifier for Azure DevOps (resource URI:https://app.vssps.visualstudio.com). The.defaultsuffix requests a token covering all scopes the app has permission for.offline_access— Required to receive refresh tokens. On the Microsoft identity platform, apps must explicitly request this scope to get a refresh token when redeeming an authorization code.
- In Azure Repos, you need:
- One or more Azure Repos repositories for SnapLogic assets
- An application registered with Microsoft Entra to handle user authentication requests for the repo access
- Azure DevOps organization administrator permissions to configure organization settings and register an app (this is an Azure DevOps organization, separate from your SnapLogic Org)
- In the SnapLogic environment:
- A subscription to the SnapLogic Microsoft Azure DevOps Repository feature for each environment
- Environment admin permissions
Steps
- In the Microsoft
Entra portal, follow the instructions
to register SnapLogic as a trusted application.
Use the following values for application registration:
Field Value Application website https://control-plane-namewherecontrol-plane-nameis the control plane you are using.- elastic.snaplogic.com
- uat.elastic.snaplogic.com
- emea.snaplogic.com
Authorization callback URL https://control-plane-name/api/1/rest/asset/app/oauthcallbackExample:
https://cdn.control-plane-name/api/1/rest/asset/app/oauthcallbackWhere
control-plane-nameis the control plane you are using. For example:- elastic.snaplogic.com
- uat.elastic.snaplogic.com
- emea.snaplogic.com
Azure DevOps permissions Select the permissions the registered app will have in Azure DevOps: - User profile (write)
- Code (full)
- Click Register. The registered app's overview page opens. You will need values from this page and from Certificates & secrets to configure the Git Integration in Admin Manager.
- In the Azure DevOps console, navigate to Organization
Settings. In the
Policies > Application connection policies section,
toggle On the Third-party application access via OAuth
setting.

Note: Despite the label, this setting controls whether third-party applications (including Entra-authenticated apps) can access Azure DevOps APIs. It is not the same as the deprecated OAuth app registration method described in the note at the top of this page.Important: Enable third-party access only for the project that will track SnapLogic assets. -
Admin Manager
In SnapLogic Admin Manager, navigate to System Configuration and select Git Integration. In the Git Integration page, configure the settings for Git integration with Azure Repos.
- From the Git integration type dropdown, select Microsoft Azure with Entra ID.
- Configure the fields as described below. Copy Tenant ID, Client ID, Client secret ID, and Client secret from the registered app's overview page and Certificates & secrets page. Set the remaining fields as shown.
Admin Manager field Value SnapLogic Admin Manager — Git Integration configuration fields

Microsoft Entra portal — registered app overview and client secrets pages


Tenant ID Directory (tenant) ID Client ID Application (client) ID Client secret ID Client secret Base URL Accept the default
https://dev.azure.com/.Callback URL Set to
https://<control-plane-name>/api/1/rest/asset/app/oauthcallback.Where
<control-plane-name>is the control plane you are using. For example:- elastic.snaplogic.com
- uat.elastic.snaplogic.com
- emea.snaplogic.com
Authorized Scopes Enter the following OAuth 2.0 scope strings, separated by a space. These are different from the Azure DevOps permissions you selected during app registration — these are the scope strings SnapLogic sends when requesting an access token:
499b84ac-1321-427f-aa17-267ca6975798/.defaultoffline_access— Required to receive refresh tokens. On the Microsoft identity platform, apps must explicitly request this scope to get a refresh token when redeeming an authorization code.
The GUID (
499b84ac-1321-427f-aa17-267ca6975798) is a fixed Microsoft-defined resource ID for Azure DevOps. It is the same for all configurations — do not replace it with your client ID.