In the documentation for Active Directory authentication, it doesn’t look like it’s possible to change which domain controller Octopus should use for authentication.
It seems like it defaults to the domain controller the server is a member of, and that’s it. We have several domain controllers and would like the server to belong to another domain than the one users authenticate with. Is this at all possible?
Thanks for reaching out (and for re-submitting your question after it was closed in GitHub).
Currently (v 3.3.10) Octopus can only use the AD domain of the server that it is hosted on. It is not currently possible to set a different AD domain for authentication.
It is, though, in our backlog: https://github.com/OctopusDeploy/Issues/issues/1737 (even though the ticket was closed, we still plan on doing it). We just don’t have an estimated date/version for it.
Sorry for the crappy news.
Hi. As I understand, this was implemented in version 3.5 of Octopus Deploy. Can you please link to the relevant parts of the documentation explaining how this is configured?
The fixes for authenticating users across Trusted Domains didn’t make it into 3.5; it has, however, subsequently been addressed and was released in 3.7.7.
There is now some information about using Trusted Domains on the documentation page you originally linked to, including a link to information about how to use groups from trusted domains, but essentially if the domain your server is a member of trusts the domain your users are in then the users should be able to authenticate.
Octopus Deploy will automatically create user records for the users the first time they authenticate, or you can create them in advance. Remember that if you are creating them in advance you must specify their username in UPN format (e.g. username@domain) and/or specify their email address so Octopus can recognize them correctly when they log in.
Hope that helps and if you have any further questions just let me know.