How would someone who is not the part of windows group or active directory access the TFS projects?

Question

I have configured TFS on my live server which is in our office premises.

Right now, we can access it i.e. windows domain users/active directory users but when I give my user name password to someone out of our office premises and ask him to connect to TFS project from visual studio via a web link then he cannot connect and tell him that either the credentials are more than necessary or you have no permission.

But the same credentials is working for the TFS web portal, for the same guy but not if connecting to the project from visual studio.

Why? Is there any way to let them access our projects without them being the part of windows group or Active Directory i.e. TFS own users? How should we do that?

Answer 1

You can't. TFS authentication is based on Active Directory, end of story. If someone needs access to TFS, they need an AD account, and that AD account needs to be granted access to TFS.

Answer 2

You can add Windows user or Windows group in TFS. TFS use the authentication with windows user/ domain user(Active Directory) to access the server. TFS can't create users directly. There are no TFS own users.

Additional: About the relationship with TFS and Active Directory

TFS does not write to Active Directory (AD) nor "has it's own Active Directory".

TFS stores users and groups, permissions and security, into its own database. To integrate with Windows Security by running a background job every hour and reading users and groups from AD.

Since you are a TFS Administrator (the same with other normal users), we highly recommend you not directly share your admin credentials to others. There are a lot of potential risks.

You may have to add that user in your AD, and give him access to TFS, finally follow tutorial: Connect from Visual Studio or Team Explorer. He should be able to use Visual Studio to access your TFS server properly.