Jenkins restrict access to only Google Apps Domain users using OpenID Authentication
Yes there is a special group you can use to do this but finding the information about how to do it isn't obvious.If you hover over the 'Overall - Read' column on the Matrix-based security table you'll get the solution.
It states
The read permission is necessary for viewing almost all pages of Jenkins. This permission is useful when you don't want unauthenticated users to see Jenkins pages - revoke this permission from the anonymous user, then add "authenticated" pseudo-user and grant the read access.
I use the following technique in combination with the OpenID plugin which allows me to specify a Google Apps for Business domain to secure Jenkins with
Warning: Make sure you've got a backup of your installation before you start because if you get something wrong you may lock yourself out of your Jenkins. Unpicking the plugins and settings would take longer than just restoring from a backup.
- Ensure your choice of OpenID provider is still working ok with your current 'Logged in users can do anything' setting
- Select the 'Matrix based-security' mode for Authorization
- Add a new 'authenticated' group (lower case 'a') to the Matrix-based security table.
- Use the 'check all' icon at the right hand end of the new 'authenticated' row to tick all the permission boxes.
- Use the 'check all' icon at the right hand end of the 'Anonymous' row to untick all the permission boxes.
- Save the settings
- Reload Jenkins
Now each time a user wants to see Jenkins they have to be already signed into their Google Account and no-one can get to see any Job names or views without login.
Hope this helps.