TeamCity User Management Features

Get secure access to your CI server, pipeline configuration, build results, and more with TeamCity’s comprehensive user management options.

TeamCity Configuration as Code.

Easy and granular user access control

Define user roles and permissions with the level of granularity that your organization needs.

Multiple user authentication options

Use 2FA, SAML, and LDAP authentication methods, and log in to TeamCity using your version control system.

Advanced security options

Grant and manage permissions, keep track of individuals’ actions, or even enable anonymous access, all in line with your organization’s policies.

User permissions: managing access levels in TeamCity

With TeamCity, user permissions can be as straightforward or sophisticated as you want. Choose simple authorization to set the access levels – from administrator to read-only – for all your TeamCity projects at once.

Enable per-project authorization to grant users more control over their projects while restricting access to your other pipelines. Customize the default roles or create new ones with the specific access levels you require using TeamCity’s fine-grained permissions.

For a streamlined experience, manage access to TeamCity directly from your VCS hosting service. Create new users via the LDAP authentication option, and map user roles to ensure users have the level of access to their projects by default.

Start building for free

Efficient access management with user groups

Mirror your organizational structure and manage access to TeamCity efficiently with user groups.

  • Assign users to their relevant groups to grant them the permissions they need.
  • Enable group-level notifications to inform users of pipeline progress, from failed builds and muted tests to investigation updates and successful runs.
  • Grant individual users or groups permission to approve build starts.
Efficient access management with user groups

Tracking user activity and changes in TeamCity

Use TeamCity to track who did what and when. See who assigned a role to a user, added a user to a group, modified a build configuration, and much more.

Tracking user activity and changes in TeamCity

Fine-tune access control for better permission management

With TeamCity, you can choose the best way to configure permissions at any level.

Control the ability to start and stop build jobs, edit build configurations, manage failing tests, administer build agents, and access build artifacts via groups or individual users. For resource-intensive jobs, automated deployments, or sensitive projects, you can also require approvals from specific users or group members.

See Kotlin DSL examples

Integrates with your toolchain

Enable transparent SSO and centralized user management with TeamCity’s preconfigured authentication options. Create custom plugins to integrate TeamCity with your authentication tools.

Integrates with your toolchain

Create and manage users automatically via your VCS hosting provider (such as GitHub, GitLab, Bitbucket, or Azure DevOps), integrate with your existing LDAP or NTLM setup, or enable SAML 2.0 for authentication via your identity provider. Tick off your security must-haves with optional or enforced two-factor authentication (2FA) and new user email verification.

Enhanced security with time-limited access tokens

Maintain a robust security posture by generating time-limited access tokens for command line scripts and temporary users. Grant minimal permissions lasting from a few seconds to several weeks, and revoke the tokens earlier if needed.

Want to make your CI/CD pipeline visible to your wider organization, auditors, or clients? Enable guest access for a read-only view of some or all of your TeamCity projects.

Lost access to your TeamCity server? Enable Super User login mode to regain access via your TeamCity logs.

Get started with TeamCity

Powerful CI/CD system with advanced user management features

FAQ: User management with TeamCity

Does TeamCity support SSO?

You can enable single-sign-on to TeamCity in several ways: through your VCS hosting provider (for example, GitHub, GitLab, Bitbucket, or Azure DevOps), via a SAML 2.0 integration with your IDP (such as Okta, OneLogin, AWS SSO, or Active Directory FS), or by integrating with your LDAP or NTLM system. You can also enable JetBrains Hub to manage user access from a single web-based UI for all your JetBrains services.

Can I enforce 2FA for TeamCity?

Yes, you can make two-factor authentication a requirement for logging in to TeamCity. When enabled, users will be prompted to configure 2FA for their user accounts using a suitable authenticator app.

Can I require user approval before starting a build?

You can make approval by specific users or members of a particular user group a condition for a build. For example, you could make approval by the team lead, project manager, or QA lead a condition of starting a particular stage in your pipeline. Simply add the Build Approval feature to your build configuration.

How can I secure access to TeamCity?

TeamCity has been designed with security in mind while allowing you to configure permissions in line with your organization’s needs. We recommend using TeamCity’s fine-grained permissions to create user roles with the minimum level of access required and granting these permissions on a per-project basis. For scripts calling the TeamCity REST API and users requiring access for a short period only, you can generate a temporary access token with the minimum permissions required. Find out more about applying security best practices to your TeamCity deployment.