I have been using Azure AD sign-on via enabling Octopus ID auth in Settings → Octopus ID at a client’s Octopus cloud instance (Flash Mobile Vending).
I would now like to switch them to a single sign on experience with Azure AD auth only, so that Octopus users
- don’t need to login via the Octopus ID UI (and know that they need to click on the Microsoft login button)
- users are automatically redirected to the Azure AD authentication UI experience to login to Octopus
- new users are automatically created in Octopus and I don’t have to send out invites
Note that I manage Octopus Teams inside Octopus and don’tneed to map roles from Azure AD.
So, I’ve enabled Azure AD auth in Settings → AzureAD, and done the necessary setup as per Azure Active Directory authentication - Octopus Deploy
I’ve enabled Settings → Auth → Auto login.
However, the Octopus ID login UI is still the default challenge, as opposed to Azure AD directly.
Is there any way I can test my Azure AD authentication is working before turning off Octopus ID, and risk rendering this Octopus instance inaccessible if Azure AD auth does not work first time?
Thanks for reaching out to us today.
Unfortunately when using a Cloud instance you will be unable to disable the Octopus ID login form, as this requires access to the Octopus.Server.exe. We have some documentation on this if you haven’t gotten the chance to view it yet.
We do have a UserVoice page which you can request features if you want, this gets looked at by our engineers and your suggestion may get implemented if there is enough public votes on it, having an option to disable the forms may be a good option, the engineers could achieve that via the UI for Octopus Cloud users instead of through Command Prompt perhaps?
With regards to your question on whether you can create new users automatically in Octopus without having to send invites. This can be achieved within the AzureAD settings page, there is an option to allow auto user creation. With this enabled then the user reaches the cloud instance login page and clicks the
Sign in with Microsoft option. It will reach out to AzureAD and if it finds a match automatically generates the user in octopus.
I am sorry I could not have been more help today but I hope I have answered all of your questions, please let me know if I can do anything else for you in the meantime,
Thanks for your speedy response.
So it appears that configuring and enabling Settings → AzureAD in an Octopus Cloud instance (where Octopus ID is on by default and cannot be turned off I see) does not change any authentication behaviour at all on the cloud instance? Can you confirm this?
Maybe at intial setup I had the option of AzureAD as opposed to Octopus ID, I can’t remember?
With AzureAD now configured I still have to send invites, and user’s are taken to the Octopus ID login page as before…
We are about to upgrade to a paid instance and it is still early days, so starting a new instance and copying everything across at this point is possible option…
Thanks for your response.
I have reached out the the rest of the team, and found that a recommended option is to enable
Allow Auto User Creation in Configuration → Settings → AzureAD.
This allows Users the ability to use their Azure AD account just by clicking the
Sign in with Microsoft button and following the Microsoft login process. If they are a new user Octopus will automatically create a User account once the Microsoft login process is completed and shouldn’t be a need to send an invite to your users.
Each new user account will be given the
Everyone team by default, this means you will need to assign new users to the correct teams. This can be configured to be done automatically if preferred by following the documentation listed here.
I hope this helps, please let me know if I can do anything else for you.
Hmm, it looks like this is not the case… Brand new users on the instance can’t just navigate to instance.octopus.app and login via Microsoft. Invites are still needed.
Thanks for your response, I have done some testing on our test environment but cant reproduce the issue. Please could you just confirm from the images below which login your users are using?
Please could you also confirm that the redirect url in azure is set correctly using the documentation.
For example it should look like something similar to
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.