GitLab authentication and authorization

GitLab integrates with the following external authentication and authorization providers:

note
UltraAuth has removed their software which supports OmniAuth integration. We have therefore removed all references to UltraAuth integration.

SaaS vs Self-Managed Comparison

The external authentication and authorization providers may support the following capabilities. For more information, see the links shown on this page for each external provider.

Capability SaaS Self-Managed
User Provisioning SCIM
Just-In-Time (JIT) Provisioning
LDAP Sync
User Detail Updating (not group management) Not Available LDAP Sync
Authentication SAML at top-level group (1 provider) LDAP (multiple providers)
Generic OAuth2
SAML (only 1 permitted per unique provider)
Kerberos
JWT
Smartcard
OmniAuth Providers (only 1 permitted per unique provider)
Provider-to-GitLab Role Sync SAML Group Sync LDAP Group Sync
User Removal SCIM (remove user from top-level group) LDAP (Blocking User from Instance)