Beyond Identity
- Introduced in GitLab 16.9.
Configure GitLab to verify GPG keys issued by Beyond Identity added to a user profile.
Set up the Beyond Identity integration for your instance
Prerequisites:
- You must have administrator access to the GitLab instance.
- The email address used in the GitLab profile must be the same as the email assigned to the key in the Beyond Identity Authenticator.
- You must have a Beyond Identity API token. You can request it from their Sales Engineer.
To enable the Beyond Identity integration for your instance:
- Sign in to GitLab as an administrator.
- On the left sidebar, at the bottom, select Admin Area.
- Select Settings > Integrations.
- Select Beyond Identity.
- Under Enable integration, select the Active checkbox.
- In API token, paste the API token you received from Beyond Identity.
- Select Save changes.
The Beyond Identity integration for your instance is now enabled. When a user adds a GPG key to their profile, the key is verified. If the key wasn’t issued by the Beyond Identity Authenticator or the email used in their GitLab profile is different from the email assigned to the key in the Beyond Identity Authenticator, it’s rejected.
When a user pushes a commit, GitLab checks that the commit was signed by a GPG signature uploaded to the user profile. If the signature cannot be verified, the push is rejected. Web commits are accepted without a signature.
Skip push check for service accounts
- Introduced in GitLab 16.11.
Prerequisites:
- You must have administrator access to the GitLab instance.
To skip the push check for service accounts:
- Sign in to GitLab as an administrator.
- On the left sidebar, at the bottom, select Admin Area.
- Select Settings > Integrations.
- Select Beyond Identity.
- Select the Exclude service accounts checkbox.
- Select Save changes.