jenkins, amazon-iam, user-management

Automated provision of user access - Jenkins job providing Jenkins user access


I would like to get feedback on best practices for automating access management to provide user access to Jenkins. My thought here is to create a Jenkins job that an admin can execute that looks up a table of users and executes, thereby giving each user the appropriate access rights.

Key points:

- Where should this lookup table reside? In Git? As a Jenkinsfile?
- How to automate this?
- If the user is removed from this file, then executing the job will in effect remove the user's access.
- This same file can later be used for access to other systems.

If anyone can point me to some examples, that would be greatly appreciated.


Solution

  • I strongly recommend not to roll your own user authentication methods - this is why LDAP or other SSO solutions exist.

    If you do not have access to Active Directory or LDAP you can download ApacheDS and create a directory to store users there pretty easily. This has the added benefit of being able to authenticate other services so your users only need to remember one username and password.

    If you do have a corporate directory you can test connecting using your own credentials and the Jenkins LDAP Plugin. If you are planning on having 1000s of users or require high uptime you probably should investigate using Active Directory or a cloud-based LDAP solution for HA.
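
The reconciliation step the question describes (a version-controlled table where removing an entry revokes access), as an added example that is not part of the original question or answer. The JSON format, role names and guard thresholds are assumptions; it only plans role changes as a dry run and leaves authentication to the directory.

```python
# Added example: reconcile a Git-tracked access table against current role
# assignments. File format, role names and guard rules are assumptions.
import json

# Constructed sample of the desired state as it might be stored in Git.
DESIRED_JSON = """
{"alice": ["admin"], "bob": ["developer"], "carol": ["developer", "viewer"]}
"""
# Constructed sample of what the target system currently reports.
CURRENT = {"alice": {"admin"}, "bob": {"developer", "admin"}, "dave": {"viewer"}}

KNOWN_ROLES = {"admin", "developer", "viewer"}


def load_desired(text):
    """Parse and validate the table; reject unknown roles instead of guessing."""
    table = {user: set(roles) for user, roles in json.loads(text).items()}
    for user, roles in table.items():
        unknown = roles - KNOWN_ROLES
        if unknown:
            raise ValueError(f"{user}: unknown roles {sorted(unknown)}")
    return table


def plan(desired, current):
    """Return sorted (action, user, role) tuples that turn current into desired."""
    changes = []
    for user in set(desired) | set(current):
        want, have = desired.get(user, set()), current.get(user, set())
        changes += [("grant", user, r) for r in want - have]
        changes += [("revoke", user, r) for r in have - want]
    return sorted(changes)


def check_guards(desired, changes, max_revokes=5):
    """Fail closed on plans that look like a truncated or emptied file."""
    if not any("admin" in roles for roles in desired.values()):
        raise RuntimeError("plan would leave no admin; refusing to apply")
    revokes = sum(1 for action, _, _ in changes if action == "revoke")
    if revokes > max_revokes:
        raise RuntimeError(f"{revokes} revocations exceed limit {max_revokes}")
    return True


if __name__ == "__main__":
    desired = load_desired(DESIRED_JSON)
    changes = plan(desired, CURRENT)
    check_guards(desired, changes)
    for change in changes:
        print(*change)  # dry run: print the plan, apply nothing
```

Run as a dry run first and review the printed plan before wiring it to anything that applies changes; the guards stop an emptied or truncated file from revoking everyone.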