User authentication and authorization

TeamForge Orchestrate is authenticated and authorized by TeamForge, using TeamForge users, permissions and roles. To access TeamForge Orchestrate features, TeamForge users need additional permissions on a project by project basis.

TeamForge Orchestrate requires a valid TeamForge user session for access. If you try to access TeamForge Orchestrate when you are not logged in or when your session has expired, you will be directed to the TeamForge login page. After you successfully log in, you will be automatically redirected to the target TeamForge Orchestrate screen.


TeamForge Orchestrate permissions are set in the "Project Admin" area on a project by project basis. The following Orchestrate permissions may be used in creating TeamForge roles:
  • Pipeline read — The minimum required permission for a user to use TeamForge Orchestrate. Users with this permission level can view pipeline activity details and make comments.
  • Pipeline edit — Required to modify the configuration of a pipeline such as data sources or steps. Users with the "Pipeline edit" permission are implicitly granted the "Pipeline read" permission.
  • Pipeline create — Required to create new pipelines. Users with the "Pipeline create" permission are implicitly granted the "Pipeline read" and "Pipeline edit" permissions.
  • REST API — Required to retrieve data from the Orchestrate API. TeamForge site administrators do not explicitly require this permission; however, all other project members, including project administrators, require this permission to use the API.
Note: TeamForge Orchestrate does not immediately reflect permission changes. Permissions are automatically refreshed every day. To reflect permission changes more quickly, log out of TeamForge, wait 10 minutes, and then log back in again.