GitLab integrates with the following external authentication and authorization providers:
- AWS Cognito
- Bitbucket Cloud
- Google OAuth
- LDAP: Includes Active Directory, Apple Open Directory, Open LDAP, and 389 Server.
- SAML for GitLab.com groups
The external authentication and authorization providers may support the following capabilities. For more information, see the links shown on this page for each external provider.
Just-In-Time (JIT) Provisioning
|User Detail Updating (not group management)||Not Available||LDAP Sync|
|Authentication||SAML at top-level group (1 provider)||LDAP (multiple providers)|
SAML (only 1 permitted per unique provider)
OmniAuth Providers (only 1 permitted per unique provider)
|Provider-to-GitLab Role Sync||SAML Group Sync||LDAP Group Sync|
|User Removal||SCIM (remove user from top-level group)||LDAP (Blocking User from Instance)|