So I know you can assign AD groups to Teams inside Octopus Server but here’s my question:
What’s the best practice for configuring Octopus to switch to using AD groups instead of AD users? Should you create the necessary new AD groups, put the right users in, add the group(s) to the right Team in Octopus, then remove all of the individual users from Octopus and turn off automatically add users?
Or does Octopus continue to add, or require, individual users even if you’re trying to use AD security groups?
Sorry if this might be a stupid or basic question - I’m just taking over managing this application and this is one of the things that need to be cleaned up (I just upgraded it to the nearly-latest version from 2019.6.0). Any advice or pointers from anyone are appreciated.
Test logging in as a user within the group, to ensure that things look as expected.
Set your Octopus Deploy Active Directory configuration to use the group created in step 1, disable automatic user creation, and ensure Security Groups Enabled is set to Yes (see screenshot below).
Test that you are still able to log in as a user in the group, and also verify that a new user is unable to log in via Octopus Deploy.
Remove any non-relevant users from Octopus Deploy.