Beyond Identity
- Tier: Premium, Ultimate
- Offering: GitLab Self-Managed, GitLab Dedicated
Configure GitLab to verify GPG keys issued by Beyond Identity added to a user profile.
Set up the Beyond Identity integration for your instance
Prerequisites:
- You must have administrator access to the GitLab instance.
- The email address used in the GitLab profile must be the same as the email assigned to the key in the Beyond Identity Authenticator.
- You must have a Beyond Identity API token. You can request it from their Sales Engineer.
To enable the Beyond Identity integration for your instance:
- Sign in to GitLab as an administrator.
- On the left sidebar, at the bottom, select Admin.
- Select Settings > Integrations.
- Select Beyond Identity.
- Under Enable integration, select the Active checkbox.
- In API token, paste the API token you received from Beyond Identity.
- Select Save changes.
The Beyond Identity integration for your instance is now enabled.
GPG key verification
When a user adds a GPG key to their profile, the key is verified:
- If the key wasn’t issued by the Beyond Identity Authenticator, it’s accepted.
- If the key was issued by the Beyond Identity Authenticator, but the key is invalid, it’s rejected. For example: the email used in the user’s GitLab profile is different from the email assigned to the key in the Beyond Identity Authenticator.
When a user pushes a commit, GitLab checks that the commit was signed by a GPG signature uploaded to the user profile. If the signature cannot be verified, the push is rejected. Web commits are accepted without a signature.
Skip push check for service accounts
- Introduced in GitLab 16.11.
Prerequisites:
- You must have administrator access to the GitLab instance.
To skip the push check for service accounts:
- Sign in to GitLab as an administrator.
- On the left sidebar, at the bottom, select Admin.
- Select Settings > Integrations.
- Select Beyond Identity.
- Select the Exclude service accounts checkbox.
- Select Save changes.
Exclude groups or projects from the Beyond Identity check
Prerequisites:
- You must have administrator access to the GitLab instance.
To exclude groups or projects from the Beyond Identity check:
- Sign in to GitLab as an administrator.
- On the left sidebar, at the bottom, select Admin.
- Select Settings > Integrations.
- Select Beyond Identity.
- Select the Exclusions tab.
- Select Add exclusions.
- On the drawer, search and select groups or projects to exclude.
- Select Add exclusions.
Docs
Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.
Product
Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Feature availability and product trials
View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.
Get help
If you didn't find what you were looking for, search the docs.
If you want help with something specific and could use community support, post on the GitLab forum.
For problems setting up or using this feature (depending on your GitLab subscription).
Request support