Skip to content
fDeploy Documentation

Authentication

fDeploy Server supports multiple authentication methods to fit different organizational needs. You can use one or more of the following methods simultaneously:

  • Local accounts — Username and password managed directly by fDeploy Server
  • Domain accounts — Active Directory integration for organizations using Windows domain infrastructure
  • OpenID Connect (OIDC) — Integration with external identity providers via the OpenID Connect protocol

Sign-in experience

When navigating to fDeploy Server, users are presented with a sign-in screen where they can choose their preferred authentication method.

The sign-in screen dynamically shows the available authentication options based on the server configuration:

  1. Sign in with a local account — always available
  2. Sign in with a domain account — shown when Active Directory is configured
  3. Sign in with {Provider} — shown when an external OIDC provider is configured (the button label matches the configured display name)

Session management

fDeploy Server uses cookie-based sessions with a configurable timeout and optional sliding expiration. By default, sessions expire after 12 hours with a sliding window, meaning your session is automatically extended as long as you remain active. Administrators can adjust these settings in the session settings page.

Team-based access control

fDeploy uses team-based role-based access control (RBAC) to manage user permissions. Users are organized into teams, and each team is granted one or more roles — optionally scoped to specific projects or environments. Teams can be managed from the teams page.

Configuring authentication providers

Directory (LDAP) and external OIDC authentication settings can be managed directly from the web interface. Navigate to Configuration → Authentication to configure providers, or see the authentication settings documentation for details.

Emergency recovery

If all authentication providers are misconfigured and you are unable to sign in, you can force-enable local authentication by setting the environment variable FDEPLOY_FORCE_LOCAL_AUTH to true before starting the fDeploy Server service. This bypasses the configured authentication settings and ensures local sign-in is available so you can regain access and correct the configuration.