Prepare permissions

Last Update: 3/6/2017

Decide which user you'll use

Decide which user account you're going to use to register the agent.

Authenticate with PAT to Team Services, TFS 2017, or TFS 2015 Update 3

  1. Sign in with the user account you plan to use in either your Visual Studio Team Services account (https://{your-account} or your Team Foundation Server web portal (https://{your-server}:8080/tfs/).

  2. From your home page, open your profile. Go to your security details.


  3. Create a personal access token.


  4. For the scope select Agent Pools (read, manage) and make sure all the other boxes are cleared.

  5. Copy the token. You'll use this token when you configure the agent.

Authenticate as TFS user

  • TFS 2017: You can use either a domain user or a local Windows user on each of your TFS application tiers.

  • TFS 2015 (applies only to OSX and Linux): We recommend that you create a local Windows user on each of your TFS application tiers and dedicate that user for the purpose of deploying build agents.

Confirm the user has permission

Make sure the user account that you're going to use has permission to register the agent.

Is the user you plan to use is a Team Services account owner or a TFS server administrator? If so, then skip these steps. Otherwise you might see a message like this: Sorry, we couldn't add the identity. Please try a different identity.

  1. Open a browser and navigate to the Agent pools tab for your Team Services account or TFS server:
    • Team Services: https://{your_account}
    • TFS 2017: https://{your_server}/tfs/DefaultCollection/_admin/_AgentPool
    • TFS 2015: http://{your_server}:8080/tfs/_admin/_AgentPool

    The TFS URL doesn't work for me. How can I get the correct URL?

  2. Click the pool on the left side of the page and then click Roles.
  3. If the user account you're going to use is not shown, then get an administrator to add it. The administrator can be an agent pool administrator, a Team Services account owner, or a TFS server administrator.

Q: I'm concerned about security. How is this account used? A: Agent communication.