Configure Azure Repos and the Git Integration

Configuration for the SnapLogic Git Integration to use Azure Repos.

Important: Microsoft no longer allows new Azure DevOps OAuth app registrations. Register new apps with Microsoft Entra ID instead. Existing OAuth-based authentication for SnapLogic Git integration continues to work until its EOL in 2026, but we recommend switching to Entra ID as soon as possible.

To use Azure Repos, register SnapLogic with Azure Repos and configure the Git Integration feature in your SnapLogic environment (Org). Each Azure Repos registration applies to one control plane (elastic.snaplogic.com, uat.elastic.snaplogic.com, or emea.snaplogic.com) and covers all environments on that control plane.

Setting up the Azure Repos integration involves three services working together. In Microsoft Entra, you register SnapLogic as a trusted application so Entra can authenticate users and issue access tokens for Azure DevOps. In Azure DevOps, you enable third-party app access so the registered application can reach your repositories. In SnapLogic Admin Manager, you enter the credentials from the registered app so SnapLogic can connect to Azure DevOps on behalf of your users.

When you configure the Git Integration in Admin Manager, SnapLogic connects to Azure DevOps using the Microsoft identity platform (v2.0 endpoint). The connection requires two authorized scopes:

  • 499b84ac-1321-427f-aa17-267ca6975798/.default — Grants access to Azure DevOps resources. The GUID is the fixed Microsoft-defined resource identifier for Azure DevOps (resource URI: https://app.vssps.visualstudio.com). The .default suffix requests a token covering all scopes the app has permission for.
  • offline_access — Required to receive refresh tokens. On the Microsoft identity platform, apps must explicitly request this scope to get a refresh token when redeeming an authorization code.
  • In Azure Repos, you need:
    • One or more Azure Repos repositories for SnapLogic assets
    • An application registered with Microsoft Entra to handle user authentication requests for the repo access
    • Azure DevOps organization administrator permissions to configure organization settings and register an app (this is an Azure DevOps organization, separate from your SnapLogic Org)
  • In the SnapLogic environment:
    • A subscription to the SnapLogic Microsoft Azure DevOps Repository feature for each environment
    • Environment admin permissions

Steps

  1. In the Microsoft Entra portal, follow the instructions to register SnapLogic as a trusted application.

    Use the following values for application registration:

    Field Value
    Application website https://control-plane-name where control-plane-name is the control plane you are using.
    • elastic.snaplogic.com
    • uat.elastic.snaplogic.com
    • emea.snaplogic.com
    Authorization callback URL https://control-plane-name/api/1/rest/asset/app/oauthcallback

    Example: https://cdn.control-plane-name/api/1/rest/asset/app/oauthcallback

    Where control-plane-name is the control plane you are using. For example:

    • elastic.snaplogic.com
    • uat.elastic.snaplogic.com
    • emea.snaplogic.com
    Azure DevOps permissions Select the permissions the registered app will have in Azure DevOps:
    • User profile (write)
    • Code (full)
  2. Click Register. The registered app's overview page opens. You will need values from this page and from Certificates & secrets to configure the Git Integration in Admin Manager.
  3. In the Azure DevOps console, navigate to Organization Settings. In the Policies > Application connection policies section, toggle On the Third-party application access via OAuth setting.
    Azure Repo Setting - Third-party Access to OAuth

    Note: Despite the label, this setting controls whether third-party applications (including Entra-authenticated apps) can access Azure DevOps APIs. It is not the same as the deprecated OAuth app registration method described in the note at the top of this page.
    Important: Enable third-party access only for the project that will track SnapLogic assets.
  4. Admin Manager

    In SnapLogic Admin Manager, navigate to System Configuration and select Git Integration. In the Git Integration page, configure the settings for Git integration with Azure Repos.

    1. From the Git integration type dropdown, select Microsoft Azure with Entra ID.
    2. Configure the fields as described below. Copy Tenant ID, Client ID, Client secret ID, and Client secret from the registered app's overview page and Certificates & secrets page. Set the remaining fields as shown.
    Admin Manager field Value

    SnapLogic Admin Manager — Git Integration configuration fields


    Configure Git dialog

    Microsoft Entra portal — registered app overview and client secrets pages


    Application Settings of the newly registered app

    Client secret values of the newly registered app

    Tenant ID Directory (tenant) ID
    Client ID Application (client) ID
    Client secret ID Certificates & secrets > Client secrets > Secret ID
    Client secret Certificates & secrets > Client secrets > Value
    Base URL

    Accept the default https://dev.azure.com/.

    Callback URL

    Set to https://<control-plane-name>/api/1/rest/asset/app/oauthcallback.

    Where <control-plane-name> is the control plane you are using. For example:

    • elastic.snaplogic.com
    • uat.elastic.snaplogic.com
    • emea.snaplogic.com
    Authorized Scopes

    Enter the following OAuth 2.0 scope strings, separated by a space. These are different from the Azure DevOps permissions you selected during app registration — these are the scope strings SnapLogic sends when requesting an access token:

    • 499b84ac-1321-427f-aa17-267ca6975798/.default
    • offline_access — Required to receive refresh tokens. On the Microsoft identity platform, apps must explicitly request this scope to get a refresh token when redeeming an authorization code.

    The GUID (499b84ac-1321-427f-aa17-267ca6975798) is a fixed Microsoft-defined resource ID for Azure DevOps. It is the same for all configurations — do not replace it with your client ID.

The SnapLogic environment is now configured to connect to Azure Repos. Have users authorize SnapLogic to access Azure Repos.