How to add Service Principal to Azure Devops via CLI

Copper Contributor

Now, when Azure Devops supports App Registrations, how can I add a given App Registration as a user in Azure Devops via CLI? I want to basically do the thing shown on this video but via CLI:


The `az devops user add` command seems to be oriented for human Users.


1 Reply

I did run in the same problem recently. The cli does not seem to have the service principal option (github link).
The only way I have found (by looking what the UI is doing when adding a sp user) was combination of two api calls:
with body:

  "identityTypes": ["user", "servicePrincipal"],
  "operationScopes": ["source", "ims"],
  "options": { "MinResults": 5, "MaxResults": 40 },
  "properties": [

which gives me the originid of a SP in AAD. With originid I can call


with body:

  "accessLevel": {
    "licensingSource": 1,
    "accountLicenseType": 2,
    "msdnLicenseType": 0,
    "licenseDisplayName": "Basic",
    "status": 0,
    "statusMessage": "",
    "assignmentSource": 1
  "projectEntitlements": [
      "group": { "groupType": 2 },
      "projectRef": { "id": "PROJECT_ID" }
  "servicePrincipal": {
    "displayName": "DISPLAY_NAME",
    "origin": "aad",
    "originId": "ORIGIN_ID",
    "subjectKind": "servicePrincipal"

To add a SP to ADO.


Unfortunately the identitypicker does not seem to be a documented API and at the same time the only API that returns origin id of a AAD SP.

I know this is not quite answering the question for az cli but hope it can help to someone looking to add SP in ADO.