1.3.2 Configuring Auth

The very first thing to configure with Concourse is how users will log in, and what those users should be able to do.

This is configured in two separate tiers:

  • Authentication, how users identify themselves, is configured on the web node.

  • Authorization, how user access is determined, is configured on each team.

Concourse currently supports the following auth methods:

Table of contents:
  1. Local User auth
  2. GitHub auth
  3. GitLab auth
  4. BitBucket Cloud auth
  5. CF/UAA auth
  6. LDAP auth
  7. Microsoft auth
  8. Generic OIDC auth
  9. Generic oAuth
  10. Generic SAML auth

Any number of providers can be enabled at any one time. Users will be given a choice when logging in as to which one they would like to use.

Concourse uses a fork of Dex for its authentication. You can find additional documentation on the supported auth providers in the Dex connectors documentation.

Adding a new auth provider to Concourse is as simple as submitting a pull request to our fork of Dex and then adding a bit of configuration to the skymarshal component.