Octopus permissions using AD groups do not work if the group contains a member from another forest.
If the user is added directly to Octopus, it gets the permissions.
If the user is from the same domain in which Octopus and the AD group are based, then everything works fine.
The forests have full trust.
1. Octopus server is in Forest1\domain1
2. AD group created in Forest1\domain1
3. User created in Forest2\domain2 and added to group in Forest1\Domain1
Thanks for getting in touch. This is a known issue which we already have logged in GitHub: https://github.com/OctopusDeploy/Issues/issues/1601
For 3.4 we are planning on doing some hard work on our AD support, which will include this scenario and a couple more: https://github.com/OctopusDeploy/Issues/issues/1737
Until then, one of the 2 workarounds suggested by you will have to do.
What did you have in mind? Steps 1, 2 and 3 are how it's configured currently, and it's not working, as the goal is to assign permissions in Octopus using an AD group which is created in the same domain as the Octopus server but contains user accounts from a trusted domain.
Sorry for the misunderstanding. I was talking about the 2 workarounds you mentioned:
If the user is added directly to Octopus, it gets the permissions, and
if the user is from the same domain in which Octopus and the AD group are based, then everything works fine.
As mentioned in my previous reply, the actual scenario you are looking for is something we’re gonna try to support once we start working on 3.4.