GitLab authentication and authorization
- Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
GitLab integrates with a number of OmniAuth providers, and the following external authentication and authorization providers:
- LDAP: Includes Active Directory, Apple Open Directory, Open LDAP, and 389 Server.
- SAML for GitLab.com groups
- Smart card
UltraAuth has removed their software which supports OmniAuth integration. We have therefore removed all references to UltraAuth integration.
GitLab.com compared to GitLab Self-Managed
The external authentication and authorization providers may support the following capabilities. For more information, see the links shown on this page for each external provider.
Capability | GitLab.com | Self-managed |
---|---|---|
User Provisioning | SCIM SAML 1 | LDAP 1 SAML 1 OmniAuth Providers 1 SCIM |
User Detail Updating (not group management) | Not Available | LDAP Sync |
Authentication | SAML at top-level group (1 provider) | LDAP (multiple providers) Generic OAuth 2.0 SAML (only 1 permitted per unique provider) Kerberos JWT Smart card OmniAuth Providers (only 1 permitted per unique provider) |
Provider-to-GitLab Role Sync | SAML Group Sync | LDAP Group Sync SAML Group Sync (GitLab 15.1 and later) |
User Removal | SCIM (remove user from top-level group) | LDAP (remove user from groups and block from the instance) SCIM |
Footnotes:
- Using Just-In-Time (JIT) provisioning, user accounts are created when the user first signs in.
Test OIDC/OAuth in GitLab
See Test OIDC/OAuth in GitLab to learn how to test OIDC/OAuth authentication in your GitLab instance using your client application.
Docs
Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.
Product
Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Feature availability and product trials
View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.
Get help
If you didn't find what you were looking for, search the docs.
If you want help with something specific and could use community support, post on the GitLab forum.
For problems setting up or using this feature (depending on your GitLab subscription).
Request support