Use Google OAuth 2.0 as an OAuth 2.0 authentication provider
- Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed
To enable the Google OAuth 2.0 OmniAuth provider you must register your application with Google. Google generates a client ID and secret key for you to use.
To enable Google OAuth, you must configure the:
- Google Cloud Resource Manager
- Google API Console
- GitLab server
Configure the Google Cloud Resource Manager
- Go to the Google Cloud Resource Manager.
- Select CREATE PROJECT.
- In Project name, enter
GitLab
. - In Project ID, Google provides a randomly generated project ID by default. You can use this randomly generated ID or create a new one. If you create a new ID, it must be unique to all Google Developer registered applications.
To see your new project in the list, refresh the page.
Configure the Google API Console
Go to the Google API Console.
In the upper-left corner, select your previously created project.
Select OAuth consent screen and complete the fields.
Select Credentials > Create credentials > OAuth client ID.
Complete the fields:
Application type: Select Web application.
Name: Use the default name or enter your own.
Authorized JavaScript origins: Enter
https://gitlab.example.com
.Authorized redirect URIs: Enter your domain name followed by the callback URIs one at a time:
https://gitlab.example.com/users/auth/google_oauth2/callback https://gitlab.example.com/-/google_api/auth/callback
You should see a client ID and client secret. Note them down or keep this page open as you need them later.
To enable projects to access Google Kubernetes Engine, you must also enable the:
- Google Kubernetes Engine API
- Cloud Resource Manager API
- Cloud Billing API
To do so:
- Go to the Google API Console.
- Select ENABLE APIS AND SERVICES at the top of the page.
- Find each of the above APIs. On the page for the API, select ENABLE. It may take a few minutes for the API to be fully functional.
Configure the GitLab server
Open the configuration file.
For Linux package installations:
sudo editor /etc/gitlab/gitlab.rb
For self-compiled installations:
cd /home/git/gitlab sudo -u git -H editor config/gitlab.yml
Configure the common settings to add
google_oauth2
as a single sign-on provider. This enables Just-In-Time account provisioning for users who do not have an existing GitLab account.Add the provider configuration.
For Linux package installations:
gitlab_rails['omniauth_providers'] = [ { name: "google_oauth2", # label: "Provider name", # optional label for login button, defaults to "Google" app_id: "<YOUR_APP_ID>", app_secret: "<YOUR_APP_SECRET>", args: { access_type: "offline", approval_prompt: "" } } ]
For self-compiled installations:
- { name: 'google_oauth2', # label: 'Provider name', # optional label for login button, defaults to "Google" app_id: 'YOUR_APP_ID', app_secret: 'YOUR_APP_SECRET', args: { access_type: 'offline', approval_prompt: '' } }
Replace
<YOUR_APP_ID>
with the client ID from the Google Developer page.Replace
<YOUR_APP_SECRET>
with the client secret from the Google Developer page.Make sure that you configure GitLab to use a fully-qualified domain name, as Google doesn’t accept raw IP addresses.
For Linux package installations:
external_url 'https://gitlab.example.com'
For self-compiled installations:
gitlab: host: https://gitlab.example.com
Save the configuration file.
For the changes to take effect:
- If you installed using the Linux package, reconfigure GitLab.
- If you self-compiled your installation, restart GitLab.
On the sign in page there should now be a Google icon below the regular sign in form. Select the icon to begin the authentication process. Google asks the user to sign in and authorize the GitLab application. If everything goes well the user is returned to GitLab and is signed in.
Docs
Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.
Product
Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Feature availability and product trials
View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.
Get help
If you didn't find what you were looking for, search the docs.
If you want help with something specific and could use community support, post on the GitLab forum.
For problems setting up or using this feature (depending on your GitLab subscription).
Request support