How to manage Jenkins project's authorization using Active Directory users and groups?
I have Jenkins installed plus the Active Directory plugin. I can succesfully log in with domain accounts and I have set 'Domain Admins' to have full control over Jenkins. I would like to remove some overhead managing who can access which projects and delegate this to projects managers.
I was planning on doing this by creating project bases AD groups and make the project manager the owner of this group. Then I would create an Exchange distribution group based on that AD group. This way the project manager can define who is a member of this group through Outlook or Outlook Web Access just by removing/adding people to the mailing list
I am trying to find where to set the authorized AD group to a Jenkins project, but there seems to be no such option. Do I need some special plugins or where can I set the AD group that can access a project?
Finally I would do an admin Jenkins job that would create an AD group under OU=Projects,CN=ProjectX. Make some user own it and then create a Jenkins project with the freshly created group and project name data.
I have not used Active Directory plugin but this may be what you're looking for: Go to Jenkins > Manage Jenkins > Configure Global Security > Enable security (Enable check-box). Now in Authorization section, select Project-based Matrix Authorization Strategy if you want to provide access separately on per-project basis.
So, once you select Project-based Matrix Authorization Strategy, you will have to go to job's configuration page and select Enable project-based security option (refer screenshot below). There you can specify the users who will have access to the given job.
You should also go through comments (especially one by 'pcampbell') on this link. It might help.
- Triggering a Job on start up in Jenkins
- Sonarqube: Missing blame information for the following files
- Jenkinsfile Throws docker: not found in Jenkins Running on Docker for CI/CD of Spring Boot Project
- Where can I find jenkins restful api reference?
- Throw TestContainers issue in Jenkins for CI/CD in Spring Boot on Windows (Can not connect to Ryuk at 172.17.0.1: port_number)
- Jenkins and JFrog Artifactory - artifacts are not deleted after "maxBuilds"
- While building a git project from jenkins it shows an error like couldn't find any revision to build
- How to set Jenkins ci/cd
- Hudson : "yes: standard output: Broken pipe"
- Can I let Jenkins stage view result rows show more than 10
- Replaceall JSON in Groovy for Jenkins
- build now option is not coming for job in jenkins
- Mass disable jenkins jobs
- How to populate author, branch, commit, message in Cypres Dashboard in CI with Jenkins?
- How can I get the started user inside Jenkins Job even in downstream project?
- MSTest .trx file display using Xunit Plugin and Jenkins Piepline
- Groovy read file line by line and store it into list
- Override rpmbuild build location when called from command line
- How to separate Jenkins report of Cypress tests from "(root)" to browser's name?
- Jenkins - How to Create Dynamic Parallel Stages?
- "npm run build" = "react-scripts: Permission denied"
- Not serializable error for jenkins declarative pipeline
- How to start Jenkins server on OSX on boot
- enable https jenkin server on ubuntu 24.04
- How do I pass variables between stages in a declarative Jenkins pipeline?
- Cleanup Jenkins home directory
- Jenkins - Preventing jobs from using a particular slave
- Maven dependencies are failing with a 501 error
- Displaying announcement on all Jenkins pages
- How to reset Jenkins Admin account password? I am running Jenkins in Docker in windows