External authentication available in hybrid mode (Identity Federation - Microsoft Entra ID / Username and password)

SHOW ALL CONTENT

Table of contents

Introduction

External authentication available in hybrid mode (Identity Federation - Microsoft Entra ID / Username and password).

This hybrid mode allows certain “external” users who are not present in the Identity Federation - Microsoft Entra ID to authenticate on the Web portal with a username and password.

Prerequisites

The web portal must be configured with SSO authentication mode to offer hybrid login.

For more information on the Identity Federation - Microsoft Entra ID, see the article here.

Hybride mode operation

This hybrid mode allows certain “external” users who are not present in the Identity Federation - Microsoft Entra ID to authenticate on the Web portal with a username and password.

Once this option has been activated, a new “External” checkbox will be visible in the Octopus client user file (Windows version).

Only users identified as “External” will be able to authenticate to the web portal with a username and password, even if SSO authentication is configured for other users.

 

Octopus configuration 

Once hybrid mode has been activated, in order to authenticate to your Web portal with a User Name / Password, you will need to

1. Identify which user(s) can connect in this mode by checking the “External”.

* Only an Octopus administrator can modify the “External” option of a user, you must have the permission: General - Administer Octopus.


2. Distribute the “special” Web portal URL to the users concerned. This link will be sent to you after the activation by our ServiceDesk.

Using this link, people identified as external will be able to log in to the web portal with username and password.  


3. Enter username/password for an external user 
    If the password has not been set or has been forgotten, the user can reset it via the web portal login page.

* To test it, you can open a browser in private mode.

 

NOTE : 

To benefit from this feature, please send your configuration change request to the Octopus ServiceDesk, a DAZZM solution. 

This request must be placed by an Octopus administrator contact with permissions for all teams, as this feature will affect ALL teams.


Option name : Claims.IsExternalLoginAllowed

 

Other complementary option

If required, hybrid mode can be combined with the "Register to this service” feature.
When the “Register for the service” option is activated and it is possible to create a new user, this will automatically be considered an “External” user.
 

The "Register to this service" feature is not a prerequisite for activating Web portal authentication in hybrid mode.

If the “Register to this service” option is not active, the “External” field in the user's record will have to be managed manually by an Octopus administrator. This configuration is recommended when the customer needs to manage a limited number of “External” users, such as selected collaborators or suppliers.

 

X
Help us improve our articles