Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-51657

limit authentication to github organization

    XMLWordPrintable

Details

    Description

      It's important to be able to limit the login for only those from an organization.

      This eliminates the need of manually disabling accounts of people who doesn't work at the company anymore. If their account is removed from the github org, they can't login to jenkins anymore.

      Attachments

        Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. JENKINS-46962 Github Users Outside Organisation get an authenticated user in Jenkins.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Activity

            Ascending order - Click to sort in descending order
            vitaly_il Vitaly Karasik added a comment -

            Agree, current behaviour  is unsecure - every GitHub user can authenticate.

            I suggest to raise priority of this issue.

            vitaly_il Vitaly Karasik added a comment - Agree, current behaviour  is unsecure - every GitHub user can authenticate. I suggest to raise priority of this issue.
            markstosberg Mark Stosberg added a comment -

            I agree the current default is a major security issue. It's reasonable to expect that logins are restricted to an organization by default. Since anyone can sign up for a free Github account, the current default is essentially to allow public access to Jenkins-- NOT SECURE.

            markstosberg Mark Stosberg added a comment - I agree the current default is a major security issue. It's reasonable to expect that logins are restricted to an organization by default. Since anyone can sign up for a free Github account, the current default is essentially to allow public access to Jenkins-- NOT SECURE.
            brandonshough Brandon Shough added a comment -

            Agree - This should be addressed so that only a specific organization can even login.

            brandonshough Brandon Shough added a comment - Agree - This should be addressed so that only a specific organization can even login.
            sag47 Sam Gleske added a comment -

            Duplicated by JENKINS-46962

            sag47 Sam Gleske added a comment - Duplicated by JENKINS-46962

            People

              sag47 Sam Gleske
              samueloph Samuel Henrique
              Votes:
              3 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: