Hi Support team,
We have about 500 instances in our org; the URLs look like octopus.ourorg.com/projectname. We want to enable Azure AD authentication, but it seems we will have to add these 500 URLs to the reply URLs in 1 single app registration.
Is there any central home page for all of these instances, so that our users have an easier home page to go to and are also able to see how many instances/projects they have access to? Also, can we just use 1 URL for the Azure AD auth?
Thanks for getting in touch and I’m sorry for the delay in getting back to you on this one! I had a chat to the developers who look after authentication and unfortunately there is currently no easy way to achieve AzureAD authentication for multiple Octopus instances without setting every reply URL in your Azure AD App registrations. We understand in your situation this is a sizable task, but it is required as one of the security mechanisms built into OpenID Connect.
We are looking into other options here but unfortunately we won’t be seeing them available in production for quite some time.
I wish I was more help here and I look forward to hearing if you have any further questions.
I just wanted to touch base with you and see if you were able to find a workaround setting up your Azure AD app registrations across many Octopus Instances here.
We were able to experiment with this setup further and found that it’s possible to modify the manifest of an App Registration directly, allowing you to add multiple replyUrls. This approach could relieve some administrative overhead. I believe Azure also has some Azure PowerShell Cmdlets (possibly Set-AzureADApplication could work here) to modify the Azure Applications to create these programmatically.
I look forward to hearing if this was helpful here.
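
The approach suggested in the last reply, as an added example that is not part of the original thread or Octopus's own code: it builds one exact HTTPS reply URL per instance, merges them with the URLs already registered, and writes the list back with Set-AzureADApplication. The ObjectId is a placeholder, the instance names are constructed, and the callback path and the per-app limit are assumptions to confirm for your Octopus version and tenant.

```powershell
# Added example. Requires the AzureAD module and an active Connect-AzureAD session.
$AppObjectId   = '00000000-0000-0000-0000-000000000000'   # placeholder: ObjectId of your app registration
$BaseUrl       = 'https://octopus.ourorg.com'             # host pattern from the thread
$CallbackPath  = '/api/users/authenticatedToken/AzureAD'  # assumption: confirm for your Octopus version
$MaxReplyUrls  = 256                                      # assumption: confirm the current per-app limit
$InstanceNames = @('projecta', 'projectb', 'projectc')    # constructed sample; load your real list instead

function New-ReplyUrl {
    param([string]$Base, [string]$Instance, [string]$Path)
    # Instance names become a URL path segment, so allow only a conservative character set.
    if ($Instance -notmatch '^[A-Za-z0-9][A-Za-z0-9._-]*$') {
        throw "Refusing instance name '$Instance': unexpected characters."
    }
    $url = '{0}/{1}{2}' -f $Base.TrimEnd('/'), $Instance, $Path
    $uri = [System.Uri]$url
    # Reply URLs are matched exactly: accept only absolute HTTPS URLs with no wildcard, query or fragment.
    if (-not $uri.IsAbsoluteUri -or $uri.Scheme -ne 'https' -or
        $url.Contains('*') -or $uri.Query -or $uri.Fragment) {
        throw "Refusing reply URL '$url'."
    }
    return $url
}

$new = $InstanceNames | ForEach-Object {
    New-ReplyUrl -Base $BaseUrl -Instance $_ -Path $CallbackPath
}

# Set-AzureADApplication -ReplyUrls replaces the whole list, so merge with what is already registered.
$app    = Get-AzureADApplication -ObjectId $AppObjectId
$merged = @(@($app.ReplyUrls) + @($new) | Where-Object { $_ } | Sort-Object -Unique)

if ($merged.Count -gt $MaxReplyUrls) {
    throw "$($merged.Count) reply URLs exceeds the assumed limit of $MaxReplyUrls."
}

# Report what changes before writing, so the update can be reviewed.
$added = @($merged | Where-Object { $app.ReplyUrls -notcontains $_ })
Write-Host "Adding $($added.Count) reply URL(s); $($merged.Count) total."
Set-AzureADApplication -ObjectId $AppObjectId -ReplyUrls $merged
```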