Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-51657

limit authentication to github organization

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      It's important to be able to limit the login for only those from an organization.

      This eliminates the need of manually disabling accounts of people who doesn't work at the company anymore. If their account is removed from the github org, they can't login to jenkins anymore.

        Attachments

          Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. JENKINS-46962 Github Users Outside Organisation get an authenticated user in Jenkins.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

            Activity

            Ascending order - Click to sort in descending order
            Hide
            Permalink
            vitaly_il Vitaly Karasik added a comment -

            Agree, current behaviour  is unsecure - every GitHub user can authenticate.

            I suggest to raise priority of this issue.

            Show
            vitaly_il Vitaly Karasik added a comment - Agree, current behaviour  is unsecure - every GitHub user can authenticate. I suggest to raise priority of this issue.
            Hide
            Permalink
            markstosberg Mark Stosberg added a comment -

            I agree the current default is a major security issue. It's reasonable to expect that logins are restricted to an organization by default. Since anyone can sign up for a free Github account, the current default is essentially to allow public access to Jenkins-- NOT SECURE.

            Show
            markstosberg Mark Stosberg added a comment - I agree the current default is a major security issue. It's reasonable to expect that logins are restricted to an organization by default. Since anyone can sign up for a free Github account, the current default is essentially to allow public access to Jenkins-- NOT SECURE.
            Hide
            Permalink
            brandonshough Brandon Shough added a comment -

            Agree - This should be addressed so that only a specific organization can even login.

            Show
            brandonshough Brandon Shough added a comment - Agree - This should be addressed so that only a specific organization can even login.
            Hide
            Permalink
            sag47 Sam Gleske added a comment -

            Duplicated by JENKINS-46962

            Show
            sag47 Sam Gleske added a comment - Duplicated by JENKINS-46962

              People

              Assignee:
              sag47 Sam Gleske
              Reporter:
              samueloph Samuel Henrique
              Votes:
              3 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: