Details
-
Type:
New Feature
-
Status: Closed (View Workflow)
-
Priority:
Minor
-
Resolution: Duplicate
-
Component/s: github-oauth-plugin
-
Similar Issues:
Description
It's important to be able to limit the login for only those from an organization.
This eliminates the need of manually disabling accounts of people who doesn't work at the company anymore. If their account is removed from the github org, they can't login to jenkins anymore.
Attachments
Issue Links
- duplicates
-
JENKINS-46962 Github Users Outside Organisation get an authenticated user in Jenkins.
-
- Open
-
Activity
I agree the current default is a major security issue. It's reasonable to expect that logins are restricted to an organization by default. Since anyone can sign up for a free Github account, the current default is essentially to allow public access to Jenkins-- NOT SECURE.
Agree - This should be addressed so that only a specific organization can even login.
Brandon Shough
added a comment - Agree - This should be addressed so that only a specific organization can even login. Duplicated by JENKINS-46962
Sam Gleske
added a comment - Duplicated by JENKINS-46962 
Agree, current behaviour is unsecure - every GitHub user can authenticate.
I suggest to raise priority of this issue.