GitLab authentication and authorization
GitLab integrates with the following external authentication and authorization providers:
- AWS Cognito
- Bitbucket Cloud
- Google OAuth
- LDAP: Includes Active Directory, Apple Open Directory, OpenLDAP, and 389 Server.
- SAML for GitLab.com groups (PREMIUM SAAS)
- Smartcard (PREMIUM SELF)
NOTE: UltraAuth has removed their software which supports OmniAuth integration. We have therefore removed all references to UltraAuth integration.
SaaS vs Self-Managed Comparison
The external authentication and authorization providers may support the following capabilities. For more information, see the links shown on this page for each external provider.
| Capability | SaaS | Self-managed |
|---|---|---|
| User Detail Updating (not group management) | Not Available | LDAP Sync |
| Authentication | SAML at top-level group (1 provider) | LDAP (multiple providers)<br>SAML (only 1 permitted per unique provider)<br>OmniAuth Providers (only 1 permitted per unique provider) |
| Provider-to-GitLab Role Sync | SAML Group Sync | LDAP Group Sync |
| User Removal | SCIM (remove user from top-level group) | LDAP (Blocking User from Instance) |