eclipse-che · vinokurig · Mar 11, 2026 · Mar 27, 2026 · Mar 27, 2026 · Mar 27, 2026
@@ -13,13 +13,8 @@ To enable users to work with a remote Git repository that is hosted on Microsoft
 
 pass:[<!-- vale RedHat.Spelling = YES -->]
 
-. Set up the Microsoft Azure DevOps Services OAuth App (OAuth 2.0).
-. Apply the Microsoft Azure DevOps Services OAuth App Secret.
-
-[IMPORTANT]
-OAuth 2.0 isn't supported on Azure DevOps Server, see link:https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops[the documentation page].
-[IMPORTANT]
-Azure DevOps OAuth 2.0 is deprecated and no longer accepts new registrations, with full deprecation planned for 2026. See link:https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops[the documentation page].
+. Set up an application in Microsoft Entra ID.
+. Apply the Microsoft Entra ID App Secret.
 
 include::partial$proc_setting-up-the-microsoft-azure-devops-services-oauth-app.adoc[leveloffset=+1]
 

@@ -1,20 +1,21 @@
 :_content-type: PROCEDURE
-:description: Applying the Microsoft Azure DevOps Services OAuth App Secret
-:keywords: microsoft-azure-devops-services-oauth-app, apply, secret
-:navtitle: Applying the Microsoft Azure DevOps Services OAuth App Secret
+:description: Applying the Microsoft Entra ID OAuth App Secret
+:keywords: microsoft-azure-devops-entra-id-oauth-app, apply, secret
+:navtitle: Applying the Microsoft Entra ID OAuth App Secret
 // :page-aliases:
 
-[id="applying-the-microsoft-azure-devops-services-oauth-app-secret"]
-= Applying the Microsoft Azure DevOps Services OAuth App Secret
+[id="applying-the-microsoft-entra-id-oauth-app-secret"]
+= Applying the Microsoft Entra ID OAuth App Secret
 
-Prepare and apply the Microsoft Azure DevOps Services Secret.
+Prepare and apply the Secret that enables {prod-short} to authenticate with Microsoft Entra ID for Azure DevOps repository access.
 
 .Prerequisites
 
-* Setting up the Microsoft Azure DevOps Services OAuth App is completed.
+* You have set up the Microsoft Entra ID OAuth App.
 
-* The following values, which were generated when setting up the Microsoft Azure DevOps Services OAuth App, are prepared:
-** *App ID*
+* The following values, which were generated when setting up the Microsoft Entra ID OAuth App, are prepared:
+** *Application (client) ID*
+** *Directory (tenant) ID*
 ** *Client Secret*
 
 * An active `{orch-cli}` session with administrative permissions to the destination {orch-name} cluster. See {orch-cli-link}.
@@ -37,12 +38,14 @@ metadata:
     che.eclipse.org/oauth-scm-server: azure-devops
 type: Opaque
 stringData:
-  id: __<Microsoft_Azure_DevOps_Services_OAuth_App_ID>__# <2>
-  secret: __<Microsoft_Azure_DevOps_Services_OAuth_Client_Secret>__# <3>
+  tenant-id: __<Microsoft_Entra_ID_Tenant_ID>__# <2>
+  id: __<Microsoft_Entra_ID_App_ID>__# <3>
+  secret: __<Microsoft_Entra_ID_Client_Secret>__# <4>
 ----
 <1> The {prod-short} namespace. The default is `{prod-namespace}`.
-<2> The Microsoft Azure DevOps Services OAuth *App ID*.
-<3> The Microsoft Azure DevOps Services OAuth *Client Secret*.
+<2> The Microsoft Entra ID *Directory (tenant) ID*.
+<3> The Microsoft Entra ID *Application (client) ID*.
+<4> The Microsoft Entra ID *Client Secret*.
 
 . Apply the Secret:
 +

@@ -1,15 +1,15 @@
 :_content-type: PROCEDURE
-:description: Setting up the Microsoft Azure DevOps Services OAuth App
+:description: Setting up the Microsoft Entra ID OAuth App
 :keywords: azure, devops, oauth
-:navtitle: Setting up the Microsoft Azure DevOps Services OAuth App
+:navtitle: Setting up the Microsoft Entra ID OAuth App
 // :page-aliases:
 
 pass:[<!-- vale RedHat.TermsWarnings = NO -->]
 
-[id="setting-up-the-microsoft-azure-devops-services-oauth-app"]
-= Setting up the Microsoft Azure DevOps Services OAuth App
+[id="setting-up-the-microsoft-entra-id-oauth-app"]
+= Setting up the Microsoft Entra ID OAuth App
 
-Set up a Microsoft Azure DevOps Services OAuth App using OAuth 2.0.
+Set up a Microsoft Entra ID OAuth App to enable {prod-short} users to interact with Azure DevOps Git repositories without re-entering credentials.
 
 .Prerequisites
 
@@ -23,24 +23,11 @@ Set up a Microsoft Azure DevOps Services OAuth App using OAuth 2.0.
 
 .Procedure
 
-. Visit link:https://app.vsaex.visualstudio.com/app/register/[].
-
-. Enter the following values:
-
-.. *Company name*: `{prod-short}`
-.. *Application name*: `{prod-short}`
-.. *Application website*: `pass:c,a,q[{prod-url}]/`
-.. *Authorization callback URL*: `pass:c,a,q[{prod-url}]/api/oauth/callback`
-
-. In *Select Authorized scopes*, select *Code (read and write)*.
-
-. Click *Create application*.
-
-. Copy and save the *App ID* for use when applying the Microsoft Azure DevOps Services OAuth App Secret.
-
-. Click *Show* to display the *Client Secret*.
-
-. Copy and save the *Client Secret* for use when applying the Microsoft Azure DevOps Services OAuth App Secret.
+. Register an application in Microsoft Entra ID. See link:https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app[Register an application].
+. Add the *Authorization callback URL* `pass:c,a,q[{prod-url}]/api/oauth/callback` to your application. See link:https://learn.microsoft.com/en-us/entra/identity-platform/how-to-add-redirect-uri[Add a redirect URI].
+. Add a client secret to your application. See link:https://learn.microsoft.com/en-us/entra/identity-platform/how-to-add-credentials?tabs=client-secret[Add credentials].
+. Add the Azure DevOps `vso.code_write` permission to the client application. See link:https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-configure-app-access-web-apis#add-permissions-to-access-your-web-api[Add permissions to access your web API].
+. Connect your Azure DevOps organization to Microsoft Entra ID. See link:https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/connect-organization-to-azure-ad?view=azure-devops#connect-your-organization-to-microsoft-entra-id-1[Connect your organization to Microsoft Entra ID].
 
 pass:[<!-- vale RedHat.TermsWarnings = YES -->]