Sajeeve - GoCD has LDAP/AD *authentication* support built into it. That means, you can connect it to an LDAP server and use it to allow people to log in. The username and password you provide is used to bind using LDAP and make sure that you're a valid user. The documentation for this is here <https://docs.gocd.org/current/configuration/dev_authentication.html> and here <https://github.com/gocd/gocd-ldap-authentication-plugin>.
With the LDAP *authorization* plugin, part of commercial support offering, along with doing *authentication* like the built in one, it allows you to do role management using LDAP. A simple example would be "I want all admins defined in AD, to be GoCD admins" or "I want everyone in AD group XYZ to be part of the GoCD role ABC". This allows you to manage GoCD roles in a central place, that is your LDAP/AD server. If you remove someone from an Active Directory group, they will be removed from the GoCD role. It's easier for bigger organizations to manage roles in one place. The documentation for this is here <https://extensions-docs.gocd.org/ldap/current/>. As you can see from the examples <https://extensions-docs.gocd.org/ldap/current/examples/>, it allows you to configure it in quite complex ways. On Wednesday, January 17, 2018 at 10:38:40 PM UTC+5:30, Sajeeve M wrote: > > We would like to manage out gocd users at a group level . Looks like > the roles (admin , etc ) is allowed to be set at a user level > -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
