Search
Blog posts
Outage on octopus.com - report and learnings
Public incident report and our learnings about the octopus.com DNS disruption from January 25 – 26, 2023.
Loading...
Documentation
Active Directory authentication
Octopus Deploy can use Windows credentials to identify users.Specify a custom container for AD authentication
How to specifying a custom container to use for AD Authentication.Moving your Octopus Server to another Active Directory domain
the steps and considerations to move your Octopus Server from one Active Directory domain to another.Troubleshooting Active Directory integration
Information on troubleshooting common Active Directory integration issues.Authentication automation with OctopusDSC
Authentication automation resources with OctopusDSC.Automatic user creation
User can be automatically created using some providers.Azure Active Directory authentication
Octopus Deploy can use Azure AD authentication to identify users.GoogleApps authentication
Octopus Deploy can use GoogleApps authentication to identify users.Guest login
Octopus Deploy supports a guest login if enabled.Octopus ID authentication
Octopus Deploy can use Octopus accounts to identify users.Okta authentication
Octopus Deploy can use Okta authentication to identify users.Troubleshooting authentication problems
A guide for troubleshooting authentication problems in Octopus Deploy.Built-in Worker
The built-in worker is enabled by default in your Octopus Server. This is very convenient when getting started with Octopus, but comes with several security implications.Common security vulnerabilities and exploits
This section describes how Octopus Deploy prevents attackers from leveraging common vulnerabilities and exploits.Cross-Site Request Forgery (CSRF) and Octopus Deploy
Octopus Server actively prevents Cross-Site Request Forgery (CSRF) using anti-forgery tokens.SHA1 "Shattered" collision and Octopus Deploy
How the SHA1 "Shattered" Collision impacts Octopus DeploySpectre (Speculative Execution Side-Channel Vulnerabilities), Meltdown, and Octopus Deploy
How the Spectre (speculative execution side-channel vulnerabilities) and meltdown vulnerabilities impact Octopus DeployCross-Site Scripting (XSS) and Octopus Deploy
Octopus Server actively prevents Cross-Site Scripting (XSS) using a number of preventative measures.Data encryption
This section describes how Octopus Deploy encrypts sensitive data at rest.Exposing Octopus
You can keep your Octopus installation inside your corporate network, or you may want to expose it to the Internet. This section describes how to safely expose your Octopus installation and the security implications you should consider.Expose the Octopus Web Portal over HTTPS
How to expose the Octopus Web Portal securely over HTTPS.Let's Encrypt integration
Octopus can integrate with Let's Encrypt to setup and automatically renew the Octopus Portal SSL certificate.Use IIS as a reverse proxy for Octopus Deploy
How to set up IIS 7 (or later) as a Reverse Proxy for Octopus DeployFIPS and Octopus Deploy
Details of using Octopus Deploy in a FIPS compliant environment.Hardening Octopus
If you are hosting Octopus Deploy yourself, this guide will help you harden your network, host operating system, and Octopus Server itself. This includes things such as configuring malware protection (anti-virus), and utilizing allow lists.HTTP Security Headers
Describes the security related browser headers that Octopus supportsOctopus - Tentacle communication
Octopus Server and Tentacle communications details.How to use custom certificates with Octopus Server and Tentacle
How to use custom certificates with Octopus Server and Tentacle.Troubleshooting Schannel and TLS
Troubleshooting Octopus secure communication issues with Schannel and TLS.Can't find what you are looking for? You can also search our support forum.