7pace Timetracker requires the use of a Service Account user in order to have access to DevOps data from your organization. If a Service Account is not set, then you will not have full functionality of Timetracker Reporting, the Times Explorer page, search, API, and other segments. Therefore, in order to have full functionality that 7pace Timetracker can provide, you need to configure one of your licensed users as a Service Account user.
The Service Account user must be a DevOps user who is part of the DevOps Project Collection Administrator group. The reason is so that Timetracker can obtain DevOps data about work items from across your DevOps organization, by using this user's authorization token.
In order to set up the Timetracker Service Account, the user who will serve as the Service Account must log into 7pace Timetracker, navigate to Timetracker Settings -> Reporting and API -> Service Account -> and click on "Set myself as Service Account":
Optional privacy setting
You can enable Timetracker to display data from all of the Projects in your DevOps organization in Timetracker Reporting and Times Explorer to users who normally do not have access to those Projects. If you enable the "Allow access to DevOps data from restricted projects in Reporting" setting, then users will be able to see work item details (title and basic information) for tracked time across your organization even if their DevOps user permissions would not allow it.
Service Account Personal Access Token (PAT)
Users can authorize Timetracker for use with DevOps either via OAuth authorization, or by way of a DevOps issued Personal Access Token (PAT). For the user serving as the Timetracker Service Account user, it is a requirement to authorize Timetracker with DevOps by using a DevOps issued PAT.
Timetracker will then use this PAT to access work item information from your organization, and display this data in Timetracker Reporting and Times Explorer.
Since DevOps limits the lifespan of a Personal Access Token to a maximum of a year, we recommend creating a PAT which will expire after a year, so that you need to renew it only once per year.
To see common errors related to an expired Service Account PAT or misconfigured Service account, please click here: 7pace Timetracker Reporting and API common errors and states. Why is my Reporting or API not working?
Service Account Personal Access Token (PAT) requirements
There are no different requirements for the Service Account user's PAT compared to regular users. The Personal Access token used for 7pace Timetracker must have the following scopes enabled:
- User profile (read)
- Work Item (read & write)
- Identity (read)
You can find instructions on how to generate a Personal Access Token in DevOps in this Microsoft article guide: Use personal access tokens.