How to map Octopus built-in roles with Azure AD groups in OctopusTeams

Hi ,

I am Prabhjot. I am integrating Azure AD with Octopus.
Query with example:
Suppose we have 2 project teams - Team A and Team B. Each team is having 1 admin, 2 developers, 2 QA. So Azure groups will be Admin, Developers and Testers.

From Octopus side, we have 1 space - Space A in which 2 project groups - Project group A and project group B and now we have to map project group A to project team A and so on with Azure groups in Octopus teams. That is Team A members should not be able to view project group B and Team B should not be able to view project group A. How to do that?

Because in Azure groups all the project team members will combine (Admin - 2, Developers - 4, Testers - 4).

In Octopus teams we create octopus Developers and add the Azure Developers group but how to map with roles?


Hi Prabhjot,

Thanks for reaching out and welcome to the community!

Just to make sure I’m clear, are you wanting TeamA/Admins and TeamA/Developers to have different roles within Octopus? So TeamA/Admins can do some things that TeamA/Developers can’t? And similarly with TeamB/…?

If this is the case, the most straightforward way would be to create a TeamA-Admins, TeamA-Developers, and TeamA-Testers groups and similarly with TeamB. Then you can add these as External Groups in Octopus for the different teams you have configured. Each team is assigned UserRoles which will give that team the appropriate permissions needed.

If you haven’t seen it yet, you can read more about setting up Azure AD with Octopus here and creating teams here.

I hope this helps!

Thanks Mark!

To make this more clear!
suppose we have Developer AD group in which 2 developers are there(1 from team A and 1 from team B).
In octopus we have 2 spaces(space 1 and space 10). We have to map 1 developer to space 1 and 1 developer to space 10. How can we segregate at octopus level?


Hi Prabhjot,

You would probably be better off managing the segregation of the groups in Azure AD. You could keep your Developer AD group, but also add another group that includes the Space 1 developers. Then you could assign that group to the Team with the correct permissions you desire.

The other option would be to manually assign a user, such as Dev1 Team A, to the right Team within Octopus, but then you would be managing your AD users on a per user basis within Octopus which may not be ideal.

Octopus won’t be able to know how to segregate that Developer AD group without either creating a separate AD group that includes the members you want to map to a team, or managing them individually within Octopus.

I hope that helps!