I just created a new organization for my team on Azure DevOps. I wanted to activated the git access through username/password to begin with(for multiple reasons: We use Https, so no ssh certificate, and I've no idea how to use PAT with our current git client(sourcetree)).
Currently, when I go in my settings on "Alternate credentials", I get this:
But I've been into the organization page and I cannot find this settings? How can I enable it?
But I've been into the organization page and I cannot find this
settings? How can I enable it?
You can't enable that, the Alternate authentication credentials setting has been removed from Organization settings=>Policies for newly created organizations. Check the blog shared above in Michael's answer.
I've no idea how to use PAT with our current git client.
It's recommended to use PAT instead since you have no SSH certificate. Here're samples about how to use git+pat without pop-up window for credentials (Useful when you're running the commands in pipeline, since you can't enter credentials if there's pop-up window):
1.You can generate Git credentials to get temp username and password, and then use format:
git clone https://UserName:Password#dev.azure.com/OrgName/ProjectName/_git/RepoName
2.You can create a limited PAT(more secure then Full access) and use command:
git clone https://anything:{yourPAT}#dev.azure.com/OrgName/ProjectName/_git/RepoName
Same format when using git push...
Also you can clone the repo with git clone + URL from this button. Per my experience, it will prompt for credentials and save the credentials in local machine.
For Source Tree:
Url: https://OrganizationName.visualstudio.com
userName: The email address of your azure devops account
password: PAT
Enter correct URL format, click the refresh PAT button and enter the email as username, PAT as password. The authentication succeeds in my source tree for windows.
Looks like effective March 2, 2020 Alternate Credentials are no longer supported. Organizations created before then can use them for a short time to transition to PATs. New organizations do not have that option. Source
From Microsoft DevBlog:
Deprecation Timeline
Beginning December 9, 2019 we will disable and hide Alternate Credentials settings for organizations that don’t have Alternate Credentials set. This change will be in effect for all these organizations by December 20, 2019.
In the coming months we will work with our customers that are still using the feature, to help them switch to another, more secure authentication method.
March 2, 2020 – Start gradually disabling Alternate Credentials for all Azure DevOps organizations.
Legacy Organizations
If you have a legacy organization, the option would appear under Organization Settings, Policies (under the Security subheading). The toggle is called "Alternate authentication credentials"
Related
I have a repo in Azure DevOps Server 2020 (on-premise), which contains a lot of files. I'm trying to use Sourcetree to maintain changes in repo.
Sourcetree has an option to setup remote account to connect to ADS. But I cannot connect to ADS, I get strange errors.
I tried using Host URL with only domain, with collection name and even with project name, but no success :(
Settings before clicking "Refresh Personal Access Token".
Then I add my PAT via "Refresh Personal Access Token", I use my ADS username (integrated with Active Directory) and PAT as password:
I get the error after enterring username and PAT:
So my questions:
Is my authenication flow correct?
Should I use only hostname as "Host URL" in Sourcetree or I should add also Organisation (Collection) and Project name?
What should I use in PAT request:
Active Directory username (with domain or not?) and PAT as password?
PAT as username and as password?
PAT as password and no username?
something else?
Sourcetree has an option to setup remote account to connect to ADS.
But I cannot connect to ADS, I get strange errors.
The Remote option is only for Azure DevOps Services, the on-premise Azure DevOps Server is not supported with this option. Something like Bitbucket and Bitbucket Server, they have different authentication methods
E.G The Azure DevOps Services https://dev.azure.com/{org} works as expected:
For on-premise Azure DevOps Server, we can use the Clone option, just copy the specific repo URL from your project, then set the local path to clone. After that you can change your source files on your local repo and push them to remote repo.
I used the password authentication for GitHub. Today changed. I just removed in PhpStorm the GitHub Account and created a new one with the NEW CREATED ACCESS TOKEN (with full repo access, also private).
I restarted PhpStorm. But if I push or pull I still get the error:
remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
remote: Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information.
fatal: unable to access xxxxx
You can try to remove the current PW Git auth from the OS credential store, to make sure it doesn't get used anymore.
In Windows: To open Credential Manager, type credential manager in the search box on the taskbar and select Credential Manager Control panel. Select Web Credentials or Windows Credentials to access the credentials you want to manage.
Mac: Keychain App
Linux: Often libsecret, and can be managed with gnome-keyring/Seahorse/Password app
Find the entries for GitHub.com and delete them.
You may also try to do a git fetch on CLI after that, to make Git prompt you and add the new entry.
I try to use alternative credentials.
I write the name and password, then I press "Save", Azure DevOps shows me the message that the user was saved.
I navigate to other pages, if I return to the page, alternative credentials do not appear.
I have collection administrator permissions.
Another partner with the same permissions creates the alternative credential and Azure DevOps keeps the account.
The difference between the two users is that, I have a hotmail account associated with my Visual Studio license and the partner has the organization account.
I appreciate any support.
Alternate credentials has not been saved
As we know, the alternate credentials are created based on each user's account. To resolve this issue, make sure your account in current Organization.
However, what i want to say is that the security level of the alternate credentials is Least secure:
MS don't recommend using alternate credentials and Azure DevOps will no longer support Alternate Credentials authentication.
Deprecation Timeline
Beginning December 9, 2019 we will disable and hide Alternate Credentials settings for organizations that don’t have Alternate
Credentials set. This change will be in effect for all these
organizations by December 20, 2019.
In the coming months we will work with our customers that are still using the feature, to help them switch to another, more secure
authentication method.
March 2, 2020 – Start gradually disabling Alternate Credentials for all Azure DevOps organizations.
Check the dev blogs for some more details.
Hope this helps.
I have registered an account with GitKraken and confirmed that I have rights to a repo on VSO. When I attempt to login, my uid and pwd and cleared from the text box and I can't login
Any guesses where the point of failure is? When I use Visual Studio, I can log into that TFS repo no problem
You can't use your VSO login directly in Git Kraken.
There are two ways you can approach this:
- Use a personal access token. In VSO, click on your profile icon -> Security - Personal access tokens. Create a new access token and use that as a password. Personal access tokens have an expiry date, so you will have to create a new one after some time.
use ssh. That is what I am using, as I think it is more convenient, but a bit more steps to set up. Here is a tutorial on how to set it up with VSO: https://learn.microsoft.com/de-de/vsts/repos/git/use-ssh-keys-to-authenticate?view=vsts
My Github account has two factor authorization (2fa) enabled. I want to integrate Jenkins with a few of my private repositories, but I cannot authorize them because I have 2fa enabled. Note this is a multibranch pipeline project.
Any ideas how to configure Jenkins to connect with private repos without creating a dummy account that does not have 2fa enabled?
Whoever would have thought to click the help button?
Credentials used to scan branches and pull requests, check out sources and mark commit statuses.
If none is given, only the public repositories will be scanned, and commit status will not be set on GitHub.
If your organization contains private repositories, then you need to specify a credential from an user who have access to those repositories.
This is done by creating a "username with password" credential where the password is GitHub personal access tokens. The necessary scope is "repo"
ie use a Github personal access token as your password when using username/password for your Jenkins credential.