However, the Octopus ID login UI is still the default challenge, as opposed to Azure AD directly.
Is there any way I can test my Azure AD authentication is working before turning off Octopus ID, and risk rendering this Octopus instance inaccessible if Azure AD auth does not work first time?
Unfortunately when using a Cloud instance you will be unable to disable the Octopus ID login form, as this requires access to the Octopus.Server.exe. We have some documentation on this if you haven’t gotten the chance to view it yet.
We do have a UserVoice page on which you can request features if you want. This gets looked at by our engineers, and your suggestion may get implemented if there are enough public votes on it. Having an option to disable the forms may be a good option; the engineers could achieve that via the UI for Octopus Cloud users instead of through Command Prompt, perhaps?
With regard to your question on whether you can create new users automatically in Octopus without having to send invites: this can be achieved within the AzureAD settings page, where there is an option to allow auto user creation. With this enabled, the user reaches the cloud instance login page and clicks the Sign in with Microsoft option. It will reach out to AzureAD and, if it finds a match, automatically generates the user in Octopus.
I am sorry I could not have been more help today but I hope I have answered all of your questions, please let me know if I can do anything else for you in the meantime,
So it appears that configuring and enabling Settings → AzureAD in an Octopus Cloud instance (where Octopus ID is on by default and cannot be turned off I see) does not change any authentication behaviour at all on the cloud instance? Can you confirm this?
Maybe at initial setup I had the option of AzureAD as opposed to Octopus ID, I can’t remember?
With AzureAD now configured I still have to send invites, and users are taken to the Octopus ID login page as before…
We are about to upgrade to a paid instance and it is still early days, so starting a new instance and copying everything across at this point is a possible option…
I have reached out to the rest of the team, and found that a recommended option is to enable Allow Auto User Creation in Configuration → Settings → AzureAD.
This allows Users the ability to use their Azure AD account just by clicking the Sign in with Microsoft button and following the Microsoft login process. If they are a new user, Octopus will automatically create a User account once the Microsoft login process is completed, and there shouldn’t be a need to send an invite to your users.
Each new user account will be given the Everyone team by default; this means you will need to assign new users to the correct teams. This can be configured to be done automatically if preferred by following the documentation listed here.
I hope this helps, please let me know if I can do anything else for you.
Hmm, it looks like this is not the case… Brand new users on the instance can’t just navigate to instance.octopus.app and login via Microsoft. Invites are still needed.
Thanks for your response. I have done some testing on our test environment but can’t reproduce the issue. Please could you just confirm from the images below which login your users are using?