GitLab Dedicated users and notifications
- Tier: Ultimate
- Offering: GitLab Dedicated
Add Switchboard users
Administrators can add Switchboard users to their GitLab Dedicated instance. There are two types of users:
- Read only: Users can only view instance data.
- Admin: Users can edit the instance configuration and manage users.
To add a new user to your GitLab Dedicated instance:
- Sign in to Switchboard.
- From the top of the page, select Users.
- Select New user.
- Enter the Email and select a Role for the user.
- Select Create.
An invitation to use Switchboard is sent to the user.
Manage notification preferences
You can specify whether you want to receive email notifications from Switchboard. You will only receive notifications after you:
- Receive an email invitation and first sign in to Switchboard.
- Set up a password and two-factor authentication (2FA) for your user account.
To manage your own email notification preferences:
- From any page, open the dropdown next to your user name.
- To stop receiving email notifications, select Toggle email notifications off.
- To resume receiving email notifications, select Toggle email notifications on.
You will see an alert confirming that your notification preferences have been updated.
Reset a Switchboard user password
To reset your Switchboard password, submit a support ticket. The support team will help you regain access to your account.
SMTP email service
You can configure an SMTP email service for your GitLab Dedicated instance.
To configure an SMTP email service, submit a support ticket with the credentials and settings for your SMTP server.
Configure single sign-on for Switchboard
Enable single sign-on (SSO) for Switchboard to integrate with your organization’s identity provider. Switchboard supports both SAML and OIDC protocols.
To configure SSO for Switchboard:
- Gather the required information for your chosen protocol (see the information required for SAML and OIDC).
- Submit a support ticket with the information.
- Configure your identity provider with the information GitLab provides.
These instructions apply only to SSO for Switchboard. For GitLab Dedicated instances, see SAML single sign-on for GitLab Dedicated.
SAML configuration
When requesting SAML configuration, you must provide:
| Information | Description |
|---|---|
| Metadata URL | The URL that points to your identity provider’s SAML metadata document. This typically ends with /saml/metadata.xml or is available in your identity provider’s SSO configuration section. |
| Email attribute mapping | The format your identity provider uses to represent email addresses. For example, in Auth0 this might be http://schemas.auth0.com/email. |
| Attributes request method | The HTTP method (GET or POST) that should be used when requesting attributes from your identity provider. Check your identity provider’s documentation for the recommended method. |
| User email domain | The domain portion of your users’ email addresses (for example, gitlab.com). |
GitLab provides you with the following information to configure in your identity provider:
| Information | Description |
|---|---|
| Callback/ACS URL | The URL where your identity provider should send SAML responses after authentication. |
| Required attributes | Attributes that must be included in the SAML response. At minimum, an attribute mapped to email is required. |
If you require encrypted responses, GitLab can provide the necessary certificates upon request.
GitLab Dedicated does not support IdP-initiated SAML.
OIDC configuration
When requesting OIDC configuration, you must provide:
| Information | Description |
|---|---|
| Issuer URL | The base URL that uniquely identifies your OIDC provider. This URL typically points to your provider’s discovery document located at https://[your-idp-domain]/.well-known/openid-configuration. |
| Token endpoints | The specific URLs from your identity provider used for obtaining and validating authentication tokens. These endpoints are usually listed in your provider’s OpenID Connect configuration documentation. |
| Scopes | The permission levels requested during authentication that determine what user information is shared. Standard scopes include openid, email, and profile. |
| Client ID | The unique identifier assigned to Switchboard when you register it as an application in your identity provider. You’ll need to create this registration in your identity provider’s dashboard first. |
| Client secret | The confidential security key generated when you register Switchboard in your identity provider. This secret authenticates Switchboard to your IdP and should be kept secure. |
GitLab provides you with the following information to configure in your identity provider:
| Information | Description |
|---|---|
| Redirect/callback URLs | The URLs where your identity provider should redirect users after successful authentication. These must be added to your identity provider’s allowed redirect URLs list. |
| Required claims | The specific user information that must be included in the authentication token payload. At minimum, a claim mapped to the user’s email address is required. |
Additional configuration details may be required depending on your specific OIDC provider.
Docs
Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.
Product
Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Feature availability and product trials
View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.
Get help
If you didn't find what you were looking for, search the docs.
If you want help with something specific and could use community support, post on the GitLab forum.
For problems setting up or using this feature (depending on your GitLab subscription).
Request support