We are able to configure Octopus server to make use of the AD to authenticate the users. But, we see that Octopus allows “everybody” in the AD domain to login to Octopus though he gets a default blank dashboard. We were expecting that only the Admin (Specified during install/configure time) to be able to add users (picked from Domain) and those not added should NOT be able to login to Octopus server.
Please let me know if i can block users from logging into Octopus until i have added that user in the user list.
Thanks for reaching out. There’s currently no way to stop people from logging into Octopus and creating accounts with AD. Which kind of Octopus license do you have (Professional, Team, Enterprise)? If this is making you reach your users limit (only for Pro and Team), we can increase that limit for your license.
Hello guys, thanks for posting this topic as we recently came across the same concern. My question here though is, are there any plans to somehow tie-in or ask Octopus Deploy to “look into and allow” only the users/groups specified in the machine/server? It’s just that any user who is included in the Active Directory or domain and knows the server name can pretty much RDP and access OD with default blank dashboard and PCI Compliance/audit/user management perspective, it’s a bit troublesome to have to manually manage and explain those “extra” users when we had already setup specific groups that should only be able to access.
We created a uservoice suggestion to add support for white list login with AD groups. Please keep in mind that this doesn’t put this feature right in our road map, but at least its a way for us to know how many people would find this useful. If you’d like to see it implemented in the feature, please add some votes to it on the link below.