What is the benefit of implementing Active Directory based Security to servers like Jenkins

What is the benefit of implementing Active Directory based Security to servers like Jenkins?

The only benefit I can think is the admin of the sever does not need to add/remove users because user can login themselves using AD credential.

But In my case I do not want to have the whole company access my server. the server is only used by my team. How can I disable the whole company from login in. (case1)

Besides, I want to grant different permissions to different members in my team. The new members get less permission, the experienced team members get more permissions. I believe this is very common. But using Active Directory based Security looks like they get the same permission because they are in the same groups (case2)

So why should I use Active Directory based Security? Can I resolve the above two cases in a server configured with Active Directory based Security?

1 answer

  • answered 2019-02-12 05:26 Andrew Gray

    Some corporate environments make this a security requirement. In said environments they usually have an internal request system where users can request they have their credentials added to an appropriate group for access to Jenkins. This is better than Jenkins own database and having them email you, the Jenkins administrator.

    Once AD Authentication is configured in Jenkins and appropriate groups created in AD you can do a one-time setup of those groups with the Role-Based Strategy plugin in Jenkins and define what those groups have authorization to do.

    Plan your groups well and it is a function that you will no longer have to worry about.

    Warning: Be very careful when switching over from Jenkins own database user authentication to AD authentication. If you don't get the BindDN details just right you can get locked out.