azure-templatesjenkins

Configure Jenkins matrix authorization

NOTE: Matrix authorization is enabled by default for Bitnami Jenkins v2.57 and higher. The steps below need to be manually performed for versions prior to v2.57.

The Bitnami Jenkins Multi-Tier solution on Microsoft Azure now uses the Jenkins swarm plugin (and/or Jenkins matrix authorization) for connecting the slaves to the master. This improves the security of the Jenkins slave configuration.

Current installations of the Bitnami Jenkins Multi-Tier solution on Microsoft Azure can be updated by taking the following actions

  • Create a new user account that can be used for administrative operations.
  • Enable Jenkins matrix authorization
  • Restrict the privileges for the existing administrative user account.

Follow the steps below:

  • Log in to Jenkins using the existing administrative user account credentials.

  • Navigate to the “Manage Jenkins -> Manage Users” page.

  • Select the “Create User” option.

  • Enter a username, password, name and email address to create a new user. This will become the new administrative user. In the image below, the user is named admin.

    Jenkins user account creation

  • Save the new account.

  • Navigate to the “Manage Jenkins -> Configure Global Security” page.

  • In the “Access Control -> Authorization” section, select “Matrix-based security”.

    • In the “User/group to add” field below the matrix, enter the existing administrative user account and click “Add”.

    • Ensure that all privileges are disabled for this user except Overall (Read) and Agent (Build, Configure, Connect, Create, Delete, Disconnect).

    • In the “User/group to add” field below the matrix, enter the new administrative user account created above (in this example, admin).

    • Ensure that all privileges are enabled for this user.

      The end result should look like the image below:

      Jenkins matrix security

  • Click “Save” to save and apply the changes.

To verify your changes, log out of Jenkins and log back in as the newly-created administrative user. Run a job in a slave to ensure that everything is working correctly.

Last modification September 5, 2018