|
…
|
||
|---|---|---|
| .. | ||
| img | ||
| ldap | ||
| README.md | ||
| atlassian.md | ||
| authentiq.md | ||
| cognito.md | ||
| crowd.md | ||
| jwt.md | ||
| oidc.md | ||
| okta.md | ||
| smartcard.md | ||
README.md
| comments | type | stage | group | info |
|---|---|---|---|---|
| false | index | Manage | Access | To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments |
GitLab authentication and authorization (FREE SELF)
GitLab integrates with the following external authentication and authorization providers:
- Atlassian
- Auth0
- Authentiq
- AWS Cognito
- Azure
- Bitbucket Cloud
- CAS
- Crowd
- GitHub
- GitLab.com
- Google OAuth
- JWT
- Kerberos
- LDAP: Includes Active Directory, Apple Open Directory, Open LDAP, and 389 Server.
- Salesforce
- SAML
- SAML for GitLab.com groups (PREMIUM SAAS)
- Shibboleth
- Smartcard (PREMIUM SELF)
NOTE: UltraAuth has removed their software which supports OmniAuth integration. We have therefore removed all references to UltraAuth integration.
SaaS vs Self-Managed Comparison
The external authentication and authorization providers may support the following capabilities. For more information, see the links shown on this page for each external provider.
| Capability | SaaS | Self-Managed |
|---|---|---|
| User Provisioning | SCIM JIT Provisioning |
LDAP Sync |
| User Detail Updating (not group management) | Not Available | LDAP Sync |
| Authentication | SAML at top-level group (1 provider) | LDAP (multiple providers) Generic OAuth2 SAML (only 1 permitted per unique provider) Kerberos JWT Smartcard OmniAuth Providers (only 1 permitted per unique provider) |
| Provider-to-GitLab Role Sync | SAML Group Sync | LDAP Group Sync |
| User Removal | SCIM (remove user from top-level group) | LDAP (Blocking User from Instance) |