Beyond Identity

Tier: Premium, Ultimate
Offering: Self-managed, GitLab Dedicated

Configure GitLab to verify GPG keys that were issued by Beyond Identity and added to a user profile.

Set up the Beyond Identity integration for your instance

Prerequisites:

  • You must have administrator access to the GitLab instance.
  • The email address used in the GitLab profile must be the same as the email assigned to the key in the Beyond Identity Authenticator.
  • You must have a Beyond Identity API token. You can request it from their Sales Engineer.

To enable the Beyond Identity integration for your instance:

  1. Sign in to GitLab as an administrator.
  2. On the left sidebar, at the bottom, select Admin.
  3. Select Settings > Integrations.
  4. Select Beyond Identity.
  5. Under Enable integration, select the Active checkbox.
  6. In API token, paste the API token you received from Beyond Identity.
  7. Select Save changes.

The Beyond Identity integration for your instance is now enabled.

GPG key verification

When a user adds a GPG key to their profile, the key is verified:

  • If the key wasn’t issued by the Beyond Identity Authenticator, it’s accepted.
  • If the key was issued by the Beyond Identity Authenticator, but the key is invalid, it’s rejected. For example, the key is rejected when the email used in the user’s GitLab profile is different from the email assigned to the key in the Beyond Identity Authenticator.

When a user pushes a commit, GitLab checks that the commit was signed with a GPG key uploaded to the user profile. If the signature cannot be verified, the push is rejected. Web commits are accepted without a signature.
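
As an added example (not GitLab's or Beyond Identity's code), the following Python script approximates the push check locally so that unsigned or wrongly signed commits are found before a push is rejected. It assumes the signature status comes from `git log` with the `%G?` and `%GP` placeholders, that `G` and `U` count as verified, and that the fingerprints and hashes shown are constructed placeholders; the server-side check remains authoritative, and the web-commit and exclusion settings are not modelled.

```python
"""Added example: local pre-push audit approximating the signed-commit push check."""
import subprocess

# %G? status letters from git-log(1) that mean the signature verified locally.
# Assumption: G (good) and U (good, key trust unknown) are treated as verified.
VERIFIED = {"G", "U"}
LOG_FORMAT = "%H %G? %GP"  # commit hash, signature status, primary key fingerprint


def audit(log_lines, profile_fingerprints):
    """Return [(commit, reason)] for commits likely to be rejected on push."""
    allowed = {fp.replace(" ", "").upper() for fp in profile_fingerprints}
    findings = []
    for line in log_lines:
        parts = line.split()
        if not parts:
            continue
        commit = parts[0]
        status = parts[1] if len(parts) > 1 else "N"
        fingerprint = parts[2].upper() if len(parts) > 2 else ""
        if status == "N":
            findings.append((commit, "unsigned"))
        elif status not in VERIFIED:
            findings.append((commit, f"signature not verifiable (%G?={status})"))
        elif fingerprint not in allowed:
            findings.append((commit, "signing key not in GitLab profile"))
    return findings


def git_log(rev_range):
    """Read signature status for every commit in rev_range from a real repository."""
    out = subprocess.run(["git", "log", f"--format={LOG_FORMAT}", rev_range],
                         check=True, capture_output=True, text=True).stdout
    return out.splitlines()


# Constructed sample output (hashes and fingerprints are made up).
SAMPLE_KEY = "AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555"
SAMPLE_LOG = [
    f"1a2b3c4 G {SAMPLE_KEY}",                                # signed with profile key
    "5d6e7f8 N",                                              # no signature
    "9a0b1c2 G FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000",     # signed with another key
    f"3d4e5f6 B {SAMPLE_KEY}",                                # bad signature
]

if __name__ == "__main__":
    for commit, reason in audit(SAMPLE_LOG, [SAMPLE_KEY]):
        print(f"{commit}: {reason}")
```

To audit a real branch, pass `git_log("origin/main..HEAD")` and the fingerprints of the keys in your GitLab profile to `audit`.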

Skip push check for service accounts

Prerequisites:

  • You must have administrator access to the GitLab instance.

To skip the push check for service accounts:

  1. Sign in to GitLab as an administrator.
  2. On the left sidebar, at the bottom, select Admin.
  3. Select Settings > Integrations.
  4. Select Beyond Identity.
  5. Select the Exclude service accounts checkbox.
  6. Select Save changes.

Exclude groups or projects from the Beyond Identity check

History
The availability of this feature is controlled by a feature flag. For more information, see the history. This feature is available for testing, but not ready for production use.

Prerequisites:

  • You must have administrator access to the GitLab instance.

To exclude groups or projects from the Beyond Identity check:

  1. Sign in to GitLab as an administrator.
  2. On the left sidebar, at the bottom, select Admin.
  3. Select Settings > Integrations.
  4. Select Beyond Identity.
  5. Select the Exclusions tab.
  6. Select Add exclusions.
  7. In the drawer, search for and select the groups or projects to exclude.
  8. Select Add exclusions.