How do I restrict Google Authentication to use only companies email?


On our Octopus Deploy Cloud Instance, we are using Google to log in using SSO. We will probably scale soon and the management of the platform (invite users, delete users, assign them to a team, etc) will be handled by another team. I would like to make sure that only users with be invited to use Octopus Deploy. Is it possible to configure this restriction?


Hey @nicolas.spencer , thanks for the question!

Taking a look at the process for setting up GoogleApps authentication, that should be managed on the Google side of things. Your hosted domain should be the determination on valid users of your Octopus instance.

While you’ll be able to invite users who are not from the domain, they won’t be authenticated users for your system.

If you have additional concerns, I would recommend creating a runbook that checks for users in your system with non-compliant email domains that can alert you if any users are found that don’t match your requirements. Like I mentioned above, it should be all validated via the Google configuration, but it’s nice to know you have additional auditing options should you need them!

Let me know if you have any other questions or need a hand with anything else.

1 Like