Mixed login authentication

Hi,

My team want to try and have mixed logins in octopus, using both AD-accounts as well as local octopus-created accounts. Currently we’re using AD-accounts only and when creating a local account it won’t let us log in with it even after giving it permissions and it saying that the user is active and able to log in.

What we want is;
AD-account [domain]/ludvig
and
Octopus created account ludvig.

I read a thread from 2018 regarding the same problem where it was concluded that it isn’t possible to do, has this changed? And how would I perform this change?

Best
Ludvig

Hey @bds,

Thank you for contacting Octopus Support and welcome to the forums.

You can indeed have mixed mode authentication working in Octopus however it may not be as you are thinking.

Octopus uses the email of the Octopus Account and marries that up with AD, if the account does not have an email address it uses the username and matches that up with the SAM account name in AD. You can also create an account and add an AD login manually to that account via the accounts Active Directory section.

So, you can use the forms option to login with ludvig but that will grab the username of the ludvig account, see its associated with an AD login, it will then search in AD for that user and will log them into their account.

We have some more detail on how this works here.

If you want them to have a separate account in Octopus which is not linked to AD you would have to name it differently (ie ocotoludvig) and then logon via the forms option. As long as you do not have an email address in that account or the username does not match a user in AD it wont go to AD to authenticate with and will log you on locally.

You can see I have three accounts in my on-prem setup, one is an AD linked account (octoadmin) and the other two are local accounts.

image

For my domain account you can see its linked to AD, so if I sign in through forms using octoadmin it will pull the AD account:

My test account is not linked to AD so if I sign in with ‘test’ on the forms option that will allow me to logon locally, I have no test account in AD and that account does not have an email associated with it:

So if you have forms enabled and also username and password enabled:
(Configuration > Settings > Username/Password - Is enabled = Yes)
you should be good to go.

Give it a try with a test account and let me know how you get on.

Kind Regards,
Clare

Hello Clare,

Thank you, this worked perfectly!

Hey @bds,

No problem, glad I could help, reach out in future if you need any further advice or help with an issue you come across as we love to help here at Octopus Support.

Kind Regards and Happy Deployments!
Clare