# Azure Cloud Authentication

The recommended way to access your Azure DevOps project is to use personal access tokens (PAT). PAT is like a combination of a user name and a password that are valid for a certain time only and can have restricted access to your Azure DevOps resources.

To create a personal access token, you have to follow the following steps:

1. Sign in to your organization in [Azure DevOps](/product-guides/arm/integration-and-plugins/azure-devops.md).
2. From your home page, open your profile. Go to your **security details**.
3. Select **+ New Token**.
4. **Name** your token, select the **organization** where you want to use the token, and then choose a **lifespan** for your token.
5. Select the **scopes** for this token to authorize for your specific tasks.
6. Click **Create**.
7. When you're done, make sure to copy the token. For your security, it won't be shown again. **Use this token as your password.**

**Pre-requisites:**

If you select **Custom defined** access, then you must select the below options:

1.  **Code**: Select at least **Read** or any other option, except status, so that we are able to enable the pull request.

<figure><img src="/files/TE069FQQ1L4vwZSPqpeT" alt="" width="563"><figcaption></figcaption></figure>

2. **Member Entitlement Management**: Select at least the **Read** option, so that we are able to fetch users, i.e. reviewers; and can perform approval-related operations.

<figure><img src="/files/EkXnMN9uwF2d2GK0GuqU" alt="" width="398"><figcaption></figcaption></figure>

{% hint style="danger" %}
**Limitations:**

When we generate PAT with custom defined access, we won't be able to see **DIFF** of a pull request. This is because the Diff API is not supported with custom access option.

We can only see Diff if PAT is generated with **Full access**.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://knowledgebase.autorabit.com/product-guides/arm/arm-features/version-control/external-pull-request/azure-cloud-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.