Seeq Knowledge Base

Integrating Git with Azure DevOps

Overview

Seeq Data Lab's Advanced Mode (JupyterLab interface) supports Git integration with Azure DevOps Repos using HTTPS and Personal Access Token (PAT) authentication. The workflow mirrors the general Git integration described in the parent page, with Azure DevOps-specific steps for authentication and repository URL retrieval.

Note: The JupyterLab Git extension handles credentials for HTTPS connections only. SSH is not supported through the GUI. Users can use SSH via the JupyterLab terminal, but push/pull operations will not be available through the Git panel in that case. HTTPS with a PAT is the recommended approach.

Network Requirements

Connecting Data Lab to Azure DevOps requires outbound HTTPS (port 443) access from the Seeq environment to your Azure DevOps instance. There are two potential points of configuration:

Seeq Egress Allowlist

Seeq controls outbound network access from Data Lab. To allow Data Lab to reach your Azure DevOps instance, submit a support ticket to Seeq requesting that your Azure DevOps hostname be added to the egress allowlist. The hostname will typically be dev.azure.com or <yourorg>.visualstudio.com.

Azure DevOps Conditional Access (IP Fencing)

If your organization has IP-based Conditional Access policies configured in Microsoft Entra ID, Azure DevOps will validate the source IP on PAT-based (non-interactive) flows like Git operations, provided the "IP Conditional Access policy validation on non-interactive flows" setting is enabled in your Azure DevOps organization settings. If this is the case, you will need to allowlist the egress IP addresses of your Seeq Data Lab environment in your Conditional Access policy.

To obtain the Seeq Data Lab egress IP addresses, include this request in your Seeq support ticket. For more information on configuring IP-based Conditional Access policies in Azure DevOps, see Conditional Access policies on Azure DevOps.

Authenticating with Azure DevOps

Azure DevOps requires a Personal Access Token (PAT) in place of your account password when authenticating over HTTPS.

To generate a PAT:

  • Sign in to your Azure DevOps organization at https://dev.azure.com.

  • Click your user icon in the top-right corner and select Personal access tokens.

  • Click + New Token.

  • Give the token a name, set an expiration date, and under Scopes, select Code to Read and Write.

  • Click Create and copy the token value immediately, as it will not be shown again.

Store your PAT securely. If lost, you must generate a new one and revoke the old token.

Cloning an Azure DevOps Repository

  • In Azure DevOps, navigate to your project and open the Repos section.

  • Click the Clone button and select HTTPS. Copy the repository URL (it will look like: https://<org>@dev.azure.com/<org>/<project>/_git/<repo>).

  • Open your Seeq Data Lab project and switch to Advanced Mode.

  • In the file browser, navigate to the directory where you want to clone the repository.

  • Click the Git sidebar tab and select Clone a Repository, or use the toolbar: Git, Clone a Repository.

  • Paste the HTTPS URL copied from Azure DevOps and click Clone.

  • When prompted for credentials, enter your Azure DevOps email address as the username and your Personal Access Token as the password. Azure DevOps ignores the username field for PAT authentication, so any non-empty value will work.

  • Optionally check "Save my login temporarily" to cache credentials in your browser for one hour.

Pushing and Pulling Changes

Once cloned, the Stage, Commit, Push, and Pull workflows are identical to those described on the parent Integrating Git page. There are no Azure DevOps-specific differences for these operations.

Troubleshooting

Issue

Likely Cause

Resolution

Authentication failed on clone or push

Incorrect PAT or PAT lacks Code (Read and Write) scope

Generate a new PAT with the correct scope

Repository URL not accepted

Copied SSH URL instead of HTTPS

Return to Azure DevOps Repos, Clone, and select HTTPS

PAT expired

Token past its expiration date

Generate a new PAT in Azure DevOps and re-enter credentials

Push rejected (not up to date)

Remote has commits not in local branch

Pull latest changes first, resolve any conflicts, then push

Cannot reach Azure DevOps host

ADO hostname not in Seeq egress allowlist

Submit a Seeq support ticket to allowlist the hostname

Git operations blocked despite valid PAT

IP-based Conditional Access policy blocking Seeq egress IPs

Request Seeq egress IPs via support ticket and add to your Entra Conditional Access policy