AD Groups and the Everyone Team

I’ve added a group to the Everyone Team, expecting OD to use that group for AD integration, but OD makes individual user accounts in the Everyone Team as well. Since that team member is in our AD group, this doesn’t make much sense to me. FWIW, OD seems to do the right thing for the Admin, and various other teams, just not Everyone. Also, I can’t delete the group I assigned to the Everyone Team.

Hi there Richard,

Thanks for reaching out! The way Octopus works with users goes a bit like this: Every time a user logs in - whether it is part of an AD group or a single AD user - a user gets created for him on the Octopus database, hence it also gets added to the Everyone group.

All AD users will have access to Octopus by default. They just wont have any privilege (except for login) unless they were added to an Octopus team first. Because of this there is no need to add AD groups to the Everyone team. Just go ahead an add your AD security group to the team you want them to belong, and all the member will be ready to go. Once they login for the first time, a user will be created for them on Everyone.

As for not being able to delete the AD group from the Everyone group, I’ve submitted a github issue to discuss it with the team. Here’s the link in case you want to follow it up:

Hope this helps :slight_smile:


Awesome, that clears things up. I guess the purpose of the Everyone group
is to allow for some sort of basic restriction using the Projects and
Environment tags, but even then, it’s not at all clear to me how that would
change what happens by default anyway. For our use case, Everyone is just
kind of redundant as it has the exact same information as the Users page.

Blue Skies,