How to add Azure AD user to Azure DevOps organisation programmatically

You can do it with User Entitlements - Add Rest API:

POST https://vsaex.dev.azure.com/{organization}/_apis/userentitlements?api-version=5.1-preview.2

Example of the json body:

{  "accessLevel": {    "accountLicenseType": "express"  },  "extensions": [    {      "id": "ms.feed"    }  ],  "user": {    "principalName": "newuser@fabrikam.com",    "subjectKind": "user"  },  "projectEntitlements": [    {      "group": {        "groupType": "projectContributor"      },      "projectRef": {        "id": "e5943a98-a842-4001-bd3b-06e756a7dfac"      }    }  ]}

You can use the User Entitlements - Add API as Shayki mentioned, however, I would like to share the code I used with Azure function to do the same,

public static async Task<string> AddUserEntitlment(            [ActivityTrigger] VSTSIntegrationContext vstsIntegrationContext,            ILogger log        )        {            try            {                var accountName = vstsIntegrationContext.VstsInstance;                string Url = string.Format(@"https://{0}.vsaex.visualstudio.com/_apis/userentitlements?api-version=4.1-preview"                            , vstsIntegrationContext.VstsInstance);                var content = JsonConvert.SerializeObject(                    new                    {                        accessLevel = new                        {                            accountLicenseType = "express"                        },                        user = new                        {                            principalName = vstsIntegrationContext.Email,                            subjectKind = "user"                        }                    });                    log.LogInformation("===========PAT: vstsIntegrationContext.VstsPAT");                var response = await VSTSHelpers.CallVSTSAPI(vstsIntegrationContext.VstsInstance, vstsIntegrationContext.VstsPAT, Url, "POST", content);                log.LogInformation("====response:" + response);                response.EnsureSuccessStatusCode();                                dynamic data = await response.Content.ReadAsAsync<object>();                return data.operationResult.userId;            }            catch (Exception ex)            {                log.LogError(ex.ToString());                throw;            }        }

Powershell script

function Add-UserEntitlement {    [OutputType([int])]    Param    (        [String]$userEmail,        [String]$projAccessLevel,        [String]$projId    )    Begin {        $creds = Import-Clixml -Path creds.xml        [string]$AccName = $creds.AccountName        [string]$userName = $creds.UserName        [string]$vstsToken = $creds.Token        $VstsAuth = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $userName, $vstsToken)))    }    Process {        $vstsUri = "https://$AccName.vsaex.visualstudio.com/_apis/userentitlements?api-version=4.1-preview"        $vstsUEBody = @{            accessLevel = @{ accountLicenseType = "express" }            user = @{ principalName = $userEmail; subjectKind = "user" }            projectEntitlements = @{                 group = @{ groupType = $projAccessLevel }                projectRef = @{ id = $projId }            }         }        $RestParams = @{            ContentType = "application/json"            Method = 'Post'            URI = $vstsUserUri            Body = $vstsUEBody | ConvertTo-Json            Headers = @{Authorization=("Basic {0}" -f $VstsAuth)}        }        $vstsUpdateResult = Invoke-RestMethod @RestParams    }    End {    }}