Skip to main content

Overview

This guide covers how to add SYNQ’s public SSH key to Azure DevOps Repos for repository access.
Before you start: Create your Git integration in SYNQ first by following the integration form instructions. You’ll need the public SSH key from that integration.

Prerequisites

  • Access to Azure DevOps
  • Read permissions on the repository you want to integrate
  • Public SSH key from your SYNQ Git integration
  • A service account or user account to add the SSH key to
⏱️ Estimated time: 10 minutes
Important: Azure DevOps does not support repository-level deploy keys. You must use a service account or user account with SSH keys. The account should have Read permissions only on the repository.

IP Whitelisting (If Required)

If your Azure DevOps organization uses IP restrictions, add SYNQ’s egress IP addresses for your region. See SYNQ IP Whitelist for the complete list. For instructions on configuring IP restrictions in Azure DevOps, see Azure DevOps’ guide on IP address restrictions.

Setting Up SSH Access

Step 1: Create or Use a Service Account

  1. Create a dedicated service account for SYNQ (recommended) or use an existing account
  2. Grant the account Read permissions on the repository:
    • Navigate to Project Settings > Repositories
    • Select your repository
    • Go to Security tab
    • Add the service account with Read permission only
Using a dedicated service account makes it easier to audit and revoke access if needed.

Step 2: Add SSH Public Key

  1. Sign in to Azure DevOps with the service account
  2. Click on your User settings icon (top right)
  3. Select SSH public keys
  4. Click + New Key
  5. Configure the SSH key:
    • Name: Enter a descriptive name (e.g., SYNQ Integration)
    • Public Key Data: Paste the complete public SSH key from SYNQ
Make sure to paste the complete key including the ssh-rsa or ssh-ed25519 prefix.
  1. Click Add
The SSH key is now active for this account.

Step 3: Verify Repository Access

Ensure the service account has access to the specific repository:
  1. Navigate to Project Settings > Repositories
  2. Select your repository
  3. Go to Security tab
  4. Verify the service account is listed with Read permissions

Repository URL Format

When configuring the integration in SYNQ, use the Azure DevOps SSH URL format: Format: [email protected]:v3/organization/project/repository Example: [email protected]:v3/mycompany/DataPlatform/analytics-repo
The URL format for Azure DevOps SSH is different from other Git providers. Make sure to use the exact format shown above with ssh.dev.azure.com:v3/. SYNQ will automatically convert this to dev.azure.com for the web URL.

Commit URL Format

For most Azure DevOps instances, SYNQ automatically detects the correct commit URL format. If auto-detection doesn’t work for your setup, you can specify it manually in the integration form. Recommended format (works with all Azure DevOps instances): {web_url}/commit/{hash} The {web_url} placeholder automatically resolves to your full repository web URL including organization, project, and repository components. Alternative explicit format: https://dev.azure.com/{owner}/{name}/commit/{hash} Note: This format may not work correctly if SYNQ cannot properly parse the project and repository from your SSH URL. Use the {web_url} format for better reliability.

Finding Your Repository URL

To find your repository’s SSH URL:
  1. Go to your repository in Azure DevOps
  2. Click Clone button (top right)
  3. Select SSH tab
  4. Copy the URL (it will be in the format above)

Troubleshooting

SSH key not working

  • Verify the complete public key was copied (including the ssh-rsa or ssh-ed25519 prefix)
  • Ensure the SSH key was added to the correct user/service account
  • Confirm the account has Read permissions on the repository

Connection refused

  • Check that your organization’s IP restrictions (if configured) include SYNQ’s egress IPs
  • Verify the repository SSH URL uses the correct format: [email protected]:v3/org/project/repo
  • Ensure the URL has v3 in the path (required for Azure DevOps Git)

Permission denied

  • Verify the service account has explicit Read permissions on the repository
  • Check that the account is not disabled or expired
  • Ensure the SSH key is added to the same account that has repository access

SSH URL format issues

  • Azure DevOps requires a specific SSH URL format: [email protected]:v3/org/project/repo
  • Do not use HTTPS URLs - only SSH URLs are supported
  • The v3 in the path is required
  • Organization, project, and repository names are case-sensitive

Security Best Practices

  1. Use a dedicated service account for SYNQ integration
  2. Grant Read permissions only - SYNQ never needs write access
  3. Regularly audit access - Review service account permissions periodically
  4. Enable IP restrictions - Limit access to SYNQ’s egress IPs
  5. Monitor access logs - Check for unexpected authentication attempts

Additional Resources