Octopus permissions using AD groups does not work if group contains member from another forest

Hi,
Octopus permissions using AD groups does not work if group contains member from another forest.
If the user is added directly to octopus it gets the permissions.
if user from the same domain as octopus and the AD group is based, then everything works fine.
forests have full trust.
Descritpion:
1.Octopus server is in Forest1\domain1
2. AD group created in Forest1\domain1
3. User created in Forest2\domain2 and added to group in Forest1\Domain1

Hi,

Thanks for getting in touch. This is known issue which we already have logged in github: https://github.com/OctopusDeploy/Issues/issues/1601

For 3.4 we are planning on doing some hard work on our AD support, which will include this scenario and a couple more https://github.com/OctopusDeploy/Issues/issues/1737

Until then, one of the 2 workarounds suggested by you will have to do.

Best regards,

Dalmiro

what did you had in mind? 1.2.3 steps is how its configured currently and its not working as the goal is to assign permissions in octopus using AD group which is created in the same domain as octopus server, but it contains user accounts from trusted domain.

Hi,

Sorry for the misunderstanding. I was talking about the 2 workarounds you mentioned: If the user is added directly to octopus it gets the permissions and if user from the same domain as octopus and the AD group is based, then everything works fine

As mentioned on my previous reply, the actual scenario you are looking for is something we’re gonna try to support once we start working in 3.4

Best regards,
Dalmiro