Authenticate access with personal access tokens for Team Services and TFS

Last Update: 1/19/2017

Team Services | TFS 2017

Visual Studio Team Services and Team Foundation Server use enterprise-grade authentication, backed by Microsoft account or Azure Active Directory (Azure AD), to protect and secure your data. Clients like Visual Studio and Eclipse (with the Team Explorer Everywhere plug-in) natively support Microsoft account and Azure AD authentication, so you can directly use those authentication methods to sign in.

Other clients, like Git, NuGet, and Xcode, require basic credentials in the form of a username and password, and don't support Microsoft account and Azure AD features like multi-factor authentication. For these clients, set up personal access tokens by using Git credential managers. You can also use personal access tokens with command-line tools and to access REST APIs for Team Services and TFS.

If you don't want to use a credential manager, you can manually create personal access tokens. You can limit a token's use to a specific lifetime, a Visual Studio Team Services account, and scopes of activities that this token authorizes.
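How a script presents a manually created token as the password in basic credentials, shown as an added example that is not code from this page or from Microsoft. The `TFS_PAT` variable name, the empty user name, and the `tfs.example.test` host are assumptions made for illustration.

```python
import base64
import os
import urllib.request
from urllib.parse import urlsplit

PAT_ENV_VAR = "TFS_PAT"  # assumed variable name, not defined by the product


def basic_auth_header(token: str, username: str = "") -> str:
    """Basic credentials with the token in the password position.

    The empty user name is an assumption; the page only says the
    token is used as the password.
    """
    if not token or any(c.isspace() for c in token):
        raise ValueError("token is empty or contains whitespace")
    raw = f"{username}:{token}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_request(url: str, token: str) -> urllib.request.Request:
    """Prepare (but do not send) an authenticated request; HTTPS only."""
    if urlsplit(url).scheme.lower() != "https":
        # Basic credentials are only base64-encoded, never encrypted.
        raise ValueError("refusing to attach a token to a non-HTTPS URL")
    req = urllib.request.Request(url)
    req.add_header("Authorization", basic_auth_header(token))
    return req


def redacted_headers(req: urllib.request.Request) -> dict:
    """Copy of the request headers that is safe to write to a log."""
    return {k: ("Basic <redacted>" if k.lower() == "authorization" else v)
            for k, v in req.header_items()}


def token_from_env(env=os.environ) -> str:
    """Read the token from the environment instead of hard-coding it."""
    token = env.get(PAT_ENV_VAR, "").strip()
    if not token:
        raise RuntimeError(f"set {PAT_ENV_VAR} to your personal access token")
    return token


if __name__ == "__main__":
    sample_env = {PAT_ENV_VAR: "constructed-sample-token"}  # constructed value
    url = "https://tfs.example.test:8080/tfs/"  # placeholder host
    print(redacted_headers(build_request(url, token_from_env(sample_env))))
```

Because the header is only an encoding of the token, anything that logs or stores the raw `Authorization` value holds a usable credential until the token expires or is revoked.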

Create personal access tokens to authenticate access

  1. Sign in to either your Visual Studio Team Services account (https://{youraccount}) or your Team Foundation Server web portal (https://{server}:8080/tfs/).

  2. From your home page, open your profile. Go to your security details.

  3. Create a personal access token.

  4. Name your token. Select a lifespan for your token.

    If you're using Team Services, and you have more than one account, you can also select the Team Services account where you want to use the token.

  5. Select the scopes that this token will authorize for your specific tasks.

    For example, to create a token to enable a build and release agent to authenticate to Team Services or TFS, limit your token's scope to Agent Pools (read, manage).

  6. When you're done, make sure to copy the token. You'll use this token as your password.

    Note: Remember that this token is your identity and acts as you when it's used. Keep your tokens secret and treat them like your password.

    Tip: To keep your token more secure, use credential managers so that you don't have to enter your credentials every time. Here are some recommended credential managers:

Revoke personal access tokens to remove access

When you don't need your token anymore, just revoke it to remove access.

  1. From your home page, open your profile. Go to your security details.

  2. Revoke access.
