It seems like it defaults to the domain controller the server is a member of, and that’s it. We have several domain controllers and would like the server to belong to another domain than the one users authenticate with. Is this at all possible?
Thanks for reaching out (and for re-submitting your question after it was closed in GitHub).
Currently (v 3.3.10) Octopus can only use the AD domain of the server that it is hosted on. It is not currently possible to set a different AD domain for authentication.
Hi. As I understand, this was implemented in version 3.5 of Octopus Deploy. Can you please link to the relevant parts of the documentation explaining how this is configured?
The fixes for authenticating users across Trusted Domains didn’t make it into 3.5; it has, however, subsequently been addressed and was released in 3.7.7.
There is now some information about using Trusted Domains on the documentation page you originally linked to, including a link to information about how to use groups from trusted domains, but essentially, if the domain your server is a member of trusts the domain your users are in, then the users should be able to authenticate.
Octopus Deploy will automatically create user records for the users the first time they authenticate, or you can create them in advance. Remember that if you are creating them in advance you must specify their username in UPN format (e.g. username@domain) and/or specify their email address so Octopus can recognize them correctly when they log in.
Hope that helps and if you have any further questions just let me know.