There are two types of authentication modules in TeamCity:
Credentials Authentication Module authenticates users with a login/password pair specified on the login page.
HTTP Authentication Module authenticates users with some information from a certain HTTP request.You can enable several credentials authentication modules and several HTTP authentication modules simultaneously.
On an attempt to log in via the login page, TeamCity asks all the available credentials authentication modules in the order they are specified and the first one that can authenticate the user authenticates him/her. And for any HTTP request, if there is no authenticated user yet, TeamCity asks all enabled HTTP authentication modules in the order they are specified and the first one that can authenticate the user, authenticates him/her (if no HTTP authentication module can authenticate the user for the specified HTTP request, TeamCity redirects the user to the login page).
TeamCity supports the following credentials authentication modules:
Built-in (cross-platform): Users and their passwords are maintained by TeamCity. New users are added by the TeamCity administrator (in the Administration area) or they can register themselves if the user registration at the first login is allowed by the administrator.
Microsoft Windows domain (cross-platform): All NT domain users that can log on to the machine running the TeamCity server, can also log in to TeamCity using the same credentials. i.e. to log in to TeamCity users should provide domain and username (DOMAIN\username) and their domain password.
Since TeamCity 2019.1, Token-Based Authentication (cross-platform): Authentication via the personal access tokens that are maintained by TeamCity. This enables both an ability to authenticate with login/access-token instead of login/password when using the login form and token-based HTTP authentication.
The following HTTP authentication modules are supported:
Basic HTTP (cross-platform): Allows accessing certain web server pages and perform actions from various scripts.
NTLM HTTP (only for Windows servers): Allows logging in using NTLM HTTP protocol. Depending on the client's web browser and operating system can provide an ability to log in without typing the user's credentials manually.
Refer to Configuring Authentication Settings for specific authentication modules configuration. See also Accessing Server by HTTP page for details about accessing a server from your scripts using Token-Based Authentication or basic HTTP authentication.