Configuring Microsoft Entra ID

Support for OIDC authentication is currently being rolled out to Octopus Cloud customers.

It will be included in the Octopus 2025.4 release for self-hosted customers.

Configure Microsoft Entra ID

How to configure Microsoft Entra ID

Configure Octopus Server

  1. Navigate to Configuration ➜ Settings ➜ OpenID Connect and populate the following fields:
    • Enabled should be set to Yes.
    • Role Claim Type is optional, but set this to roles if you want to automatically assign users to teams.
    • Username Claim Type should be set to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn.
    • Resource should be left unset.
    • Scopes should be left as the default of openid profile email.
    • Display Name can be used to customize the appearance of the button on the Octopus Deploy login screen. Use a name that your users will recognize for this identity provider.
    • Issuer should be a URL like https://login.microsoftonline.com/GUID where the GUID is a particular GUID identifying your Microsoft Entra ID tenant. This is the Directory (tenant) ID in the Azure App Registration Portal.
    • Client ID should be a GUID. This is the Application (client) ID in the Azure App Registration Portal.
    • Client Secret should be a long string value. This is the Value of a client secret in the Azure App Registration Portal.

      Note that the value of Client Secret cannot be retrieved once set - it can only be changed or deleted.

    • Allow Auto User Creation determines if Octopus Deploy should automatically create user accounts, or only allow authentication for users that already exist in Octopus Deploy.
  2. Click Save to apply the changes.
  3. If you sign out of Octopus Deploy, you should now see a new button on the login screen to authenticate with the OIDC provider.


Page updated on Wednesday, November 5, 2025