Jenkins System User Management: Built‑in Database, LDAP, GitLab and GitHub SSO

Chapter 4 Jenkins System User Management

In Jenkins Manage Jenkins → Global Security Configuration you can set authentication and authorization strategies. Before changing settings, back up ${JENKINS_HOME}/config.xml and test changes in a non‑production environment.

1.1 Jenkins Built‑in User Database

Navigate to System Management → Security → Manage Users to add, delete, or modify users. Creating a user (e.g., zeyang ) stores its data under ${JENKINS_HOME}/users as a folder named after the user and a config.xml file containing the user’s properties.

[root@zeyang-nuc-service users]# ls
admin_3285798656405222668  users.xml  zeyang_1686679553273142732

The config.xml holds XML entries such as password hash, email address, and plugin‑specific properties. Updating the user via the web UI rewrites this file.

1.2 LDAP Authentication Integration

LDAP provides centralized user management. Required connection details include server address (e.g., ldap://192.168.1.200 ), port (389), base OU (e.g., ou=jenkins,dc=devops,dc=com ), and a query‑capable bind user (e.g., cn=admin,dc=devops,dc=com ). Install the LDAP plugin, then configure these values in the global security page and test the connection.

1.3 GitLab Single Sign‑On

To avoid repeated logins, configure GitLab as an SSO provider. In GitLab create an application with the Jenkins callback URL http://jenkinsserver:8080/securityRealm/finishLogin and grant the read_user scope. Record the generated Application ID and secret.

In Jenkins install the Gitlab Authentication plugin, go to Global Security, and fill in the GitLab server URL, Application ID, and secret. After saving, Jenkins will redirect users to GitLab for authentication.

1.4 GitHub Single Sign‑On

GitHub SSO follows the same pattern: create an OAuth App in GitHub (Developer Settings → OAuth Apps) with the same Jenkins callback URL, then note the Application ID and secret.

Install the Github Authentication plugin in Jenkins, navigate to Global Security, and provide the GitHub server URL, Application ID, and secret. After configuration, users can log in via GitHub.

Both GitLab and GitHub SSO may require adjustments when Jenkins sits behind a proxy; ensure the redirect URL uses http (or https as appropriate) and that proxy settings allow the authentication flow.

With these steps, Jenkins user authentication is fully configured and ready for further permission management.