GitLab integrates with a number of OmniAuth providers, and the following external authentication and authorization providers:
- LDAP: Includes Active Directory, Apple Open Directory, Open LDAP, and 389 Server.
- SAML for GitLab.com groups
The external authentication and authorization providers may support the following capabilities. For more information, see the links shown on this page for each external provider.
OmniAuth Providers 1
|User Detail Updating (not group management)||Not Available||LDAP Sync|
|Authentication||SAML at top-level group (1 provider)||LDAP (multiple providers)|
Generic OAuth 2.0
SAML (only 1 permitted per unique provider)
OmniAuth Providers (only 1 permitted per unique provider)
|Provider-to-GitLab Role Sync||SAML Group Sync||LDAP Group Sync|
SAML Group Sync (GitLab 15.1 and later)
|User Removal||SCIM (remove user from top-level group)||LDAP (remove user from groups and block from the instance)|
- Using Just-In-Time (JIT) provisioning, user accounts are created when the user first signs in.
See Test OIDC/OAuth in GitLab to learn how to test OIDC/OAuth authentication in your GitLab instance using your client application.