Good morning,
I’ve recently setup my Octopus server and have been using an admin account for my initial configurations. I’m now in a position where I want to begin inviting my team members.
It’d be great if we could us the Windows Auth / Active Directory for logins. I notice there is a link on the login page which says ‘Sign in with your Microsoft Windows domain account’. Unfortunately when I click on that, it takes me to the ‘/integrated-challenge’ page, but then just returns me to the users sign in page again.
Is this the expected behaviour? I’d have thought this would have logged me in directly with my windows credentials. Are there some additional setup steps I need to perform to permit this functionality?
If it’s any help, when I go to add users, I can add users from my AD with no problems, and they can login with their credentials if they manually type them in, but I would have thought it should happen automatically unless I’m misunderstanding.
Any pointers would be a great help.
Kind Regards.
Doug
Hi Doug,
Thanks for getting in touch! As you first configured Octopus to use user/pass you will have to change the settings to AD.
The above linked doco page shows you how to change to AD auth instead.
Some customers need the following to get AD working properly others it just works, so ill leave this here for extra reading in case:
http://docs.octopusdeploy.com/display/OD/Specifying+a+custom+container+to+use+for+AD+Authentication
Hope that helps!
Vanessa
Thanks for the info Vanessa,
I’ve followed the steps suggested and changed to AD auth, this seems to have worked to a certain extend (I can login with my AD credentials) but I still have to enter them manually.
I’ll make a point of reading the extra link you said later on today, but I wanted to check whether or not, needing to enter my AD details manually is expected behaviour or not?
Cheers,
Doug
Hi Doug,
Just to be clear. When you talk about not needing to put in your credentials, do you mean click the link on the login page “sign in with your Microsoft Windows Domain Account”? or do you mean remember you when you open Octopus if you have previously logged in?
For the former, this is never 100% even if you have AD configured and can put in your details as some AD servers just have a configuration that does not allow this access, sometimes adding the container will help. If you mean the latter you can ask it to remember you and you should not have to continually log in.
Let me know if I have jumped in the wrong direction here.
Vanessa
HI Vanessa,
I mean that the login page still appears asking for my credentials each time I load the site I see the ‘Welcome, please sign in’ box, with the ‘Sign in with your Microsoft Windows domain account’ option, but when I click on that I just get returned to the ‘Welcome, please sign in page’ again.
If I manually type my AD credentials and click ‘Sign in’, it logs me in ok.
I was expecting that if I just load http://server/OctopusDeploy/app#/users/sign-in/ that I would just be forwarded straight through to http://server/OctopusDeploy/app#/ without a challenge. If I have to enter my details manually each time it’s not the end of the world but I would need to manage expectations when I try to sell the tool to the team.
We have some other AD apps on the network which just go straight through if that helps at all.
Hope that makes sense!
Cheers,
Doug
Hi Doug,
No that isn’t the desired experience we want to happen. Did you try adding the container ?
Vanessa