Using AD groups?

So I know you can assign AD groups to Teams inside Octopus Server but here’s my question:

What’s the best practice for configuring Octopus to switch to using AD groups instead of AD users? Should you create the necessary new AD groups, put the right users in, add the group(s) to the right Team in Octopus, then remove all of the individual users from Octopus and turn off automatically add users?

Or does Octopus continue to add, or require, individual users even if you’re trying to use AD security groups?

Sorry if this might be a stupid or basic question - I’m just taking over managing this application and this is one of the things that need to be cleaned up (I just upgraded it to the nearly-latest version from 2019.6.0). Any advice or pointers from anyone are appreciated.

Hi @christopher.metzger,

Thanks for reaching out, I’d be happy to help with your questions on Octopus Deploy and Active Directory!

As far as the best practices approach for moving from individual users to group-based authentication via Active Directory, I would do the following:

  1. Create your Octopus Deploy group in Active Directory, adding any relevant users to this group.
  2. Set the group and permissions within Octopus Deploy.
  3. Test logging in as a user within the group, to ensure that things look as expected.
  4. Set your Octopus Deploy Active Directory configuration to use the group created in step 1, disable automatic user creation, and ensure Security Groups Enabled is set to Yes (see screenshot below).
  5. Test that you are still able to log in as a user in the group, and also verify that a new user is unable to log in via Octopus Deploy.
  6. Remove any non-relevant users from Octopus Deploy.

I would also make sure to have a local Octopus Deploy administrator account set up that you can access outside of Active Directory in case you run into any trouble where you are unable to log back in via AD.

With this configuration in place, only users in the appropriate AD group would be able to access Octopus Deploy.

I’ll also link our baseline documentation on Octopus Deploy and Active Directory, but let me know if you have any other questions.

Best regards,

Britton
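An audit to run before steps 4 and 6 of the reply above, as an added example that is not part of the original reply and is not Octopus Deploy's own code. It assumes the users and teams have been exported as JSON from the Octopus REST API and the AD group membership from Active Directory; the sample data is constructed, and the field names (`MemberUserIds`, `ExternalSecurityGroups`, `IsService`, `Identities`) and the matching of Octopus usernames to AD account names are assumptions to verify against your server.

```python
import json

# Constructed sample data, shaped like Octopus user and team resources.
# Field names are assumptions; check them against your Octopus Server version.
USERS = json.loads("""[
 {"Id":"Users-1","Username":"breakglass","IsService":false,"Identities":[]},
 {"Id":"Users-2","Username":"alice","IsService":false,
  "Identities":[{"IdentityProviderName":"Active Directory"}]},
 {"Id":"Users-3","Username":"bob","IsService":false,
  "Identities":[{"IdentityProviderName":"Active Directory"}]},
 {"Id":"Users-4","Username":"svc-build","IsService":true,"Identities":[]}
]""")
TEAMS = json.loads("""[
 {"Name":"Octopus Administrators","MemberUserIds":["Users-1","Users-2"],
  "ExternalSecurityGroups":[{"Id":"S-1-5-21-CONSTRUCTED-1001"}]},
 {"Name":"Deployers","MemberUserIds":["Users-3","Users-4"],
  "ExternalSecurityGroups":[]}
]""")
# Constructed AD export: group SID -> member account names.
AD_GROUPS = {"S-1-5-21-CONSTRUCTED-1001": {"alice"}}

def audit(users, teams, ad_groups):
    """Classify every direct team membership before individual users are removed."""
    by_id = {u["Id"]: u for u in users}
    report = {"teams_without_group": [], "redundant": [], "uncovered": [], "local_keep": []}
    for team in teams:
        sids = [g["Id"] for g in team.get("ExternalSecurityGroups", [])]
        if not sids:  # step 2 not done yet for this team
            report["teams_without_group"].append(team["Name"])
        covered = set().union(*(ad_groups.get(s, set()) for s in sids))
        for uid in team.get("MemberUserIds", []):
            user = by_id.get(uid)
            if user is None:  # stale reference to a deleted user
                continue
            is_ad = any(i.get("IdentityProviderName") == "Active Directory"
                        for i in user.get("Identities", []))
            entry = (team["Name"], user["Username"])
            if user.get("IsService") or not is_ad:
                report["local_keep"].append(entry)   # local admin / service account
            elif user["Username"] in covered:
                report["redundant"].append(entry)    # AD group already grants this
            else:
                report["uncovered"].append(entry)    # would lose access if removed
    return report

if __name__ == "__main__":
    print(json.dumps(audit(USERS, TEAMS, AD_GROUPS), indent=2))
```

Entries under `uncovered` need either AD group membership or a deliberate removal decision; entries under `local_keep` include the local administrator account the reply recommends keeping outside Active Directory.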


This is perfect, thanks!


Hi @christopher.metzger,

You’re welcome, I’m happy I could help!

Happy Deployments!

Britton
