Has anyone integrated Okta with GitLab successfully? - single-sign-on

We would like to integrate GitLab with Okta. Any advice on how to get started?

I came across this question a few times while trying to get this working, and posted the results on the following GitLab issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/14122#note_17669455

Yes, with GitLab 13.0 (May 2020), but only for Premium and more (so not free), and only for gitlab.com (not self-managed):
Okta SCIM Integration Application for GitLab.com
We now offer an Okta SCIM integration application for GitLab.com groups!
When Okta SCIM is provisioned for a GitLab group, membership of that group is synchronized between GitLab and Okta. This reduces group administrator time spent to onboard and offboard users.
See documentation and issue.
Update 2023: GitLab 15.8 (January 2023) adds support for self-managed GitLab instances as well! (Still Premium+ only.)
SCIM support for self-managed GitLab
Self-managed GitLab now supports the open standard System for Cross-domain Identity Management (SCIM), which allows you to automatically:
Create users.
Remove users by deactivating their SCIM identities.
Previously, this was only available for GitLab.com.
SCIM enables GitLab administrators to completely automate their user lifecycle management.
See Documentation and Issue.
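The two SCIM operations listed in the release note, create and deactivate, shown as an added example that is not part of the original answer and not GitLab's or Okta's code. The message bodies follow RFC 7643/7644; the in-memory `ToyServiceProvider` and the sample user values are constructed for illustration.

```python
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def create_user_request(external_id, user_name, email):
    """IdP -> service provider: body of POST /Users (RFC 7644, section 3.3)."""
    return {"schemas": [USER_SCHEMA], "externalId": external_id,
            "userName": user_name, "active": True,
            "emails": [{"value": email, "primary": True}]}

def deactivate_request():
    """IdP -> service provider: body of PATCH /Users/{id} (RFC 7644, section 3.5.2)."""
    return {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "replace", "path": "active", "value": False}]}

class ToyServiceProvider:
    """Hypothetical in-memory stand-in for the receiving side of the exchange."""

    def __init__(self):
        self.users = {}

    def post_user(self, body):
        if USER_SCHEMA not in body.get("schemas", []):
            return 400, {"detail": "missing User schema"}
        if any(u["userName"] == body["userName"] for u in self.users.values()):
            return 409, {"detail": "userName already exists"}  # uniqueness conflict
        user = dict(body, id=str(uuid.uuid4()))
        self.users[user["id"]] = user
        return 201, user

    def patch_user(self, user_id, body):
        if user_id not in self.users:
            return 404, {"detail": "no such user"}
        if PATCH_SCHEMA not in body.get("schemas", []):
            return 400, {"detail": "missing PatchOp schema"}
        for op in body.get("Operations", []):
            # This toy accepts only the offboarding operation shown above.
            if op.get("op", "").lower() != "replace" or op.get("path") != "active":
                return 400, {"detail": "unsupported operation"}
            self.users[user_id]["active"] = bool(op["value"])
        return 200, self.users[user_id]

def offboard_demo():
    """Create a constructed user, then deactivate it; the record stays, inactive."""
    sp = ToyServiceProvider()
    s1, user = sp.post_user(create_user_request("idp-0001", "jdoe", "jdoe@example.com"))
    s2, after = sp.patch_user(user["id"], deactivate_request())
    return s1, s2, after["active"], user["id"] in sp.users
```

Deactivation leaves the identity record in place with `active` set to false, so an offboarding audit should check the `active` flag rather than expect the user to disappear.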

Related

Migrate GitHub Organization to Enterprise Cloud

Seeking input from anyone who has done this before.
We need to create additional organizations in GitHub that will be accessible to different groups of users so we moved to the Enterprise Cloud implementation. Our single Org will be moved into the Enterprise to absorb the seats into our Enterprise licenses.
We are using SAML SSO on our current org. I would like to set up a separate IdP definition for the Enterprise SSO configuration to start with and migrate the org users to the enterprise at a later time. Will this work as described?
I realize there may be some action innersource issues for private repos. But I think those just need to be changed to Internal.
If you have performed a similar migration, did you run into any unexpected issues? Do you have any tips to avoid any nasty hiccups?
The answer from their support groups is no, this will not work.
"configuring SSO at the Enterprise will overwrite SSO for all organizations under it."

Generic OAuth implementation for GitHub | Bitbucket | GitLab | Azure DevOps

I am building a web application where users have to provide my web application access to their repositories in GitHub | Bitbucket | GitLab | any other code hosting platform.
I have implemented it through OAuth2, for which I had to create client applications on all platforms separately.
Initially it was scoped only to GitHub | Bitbucket, but now I want my web application to support all other major platforms as well.
So my current implementation requires me to create client applications for all other platforms, which is hectic because we want to support on-premise version control systems as well.
Is there a secure and generic way to authorize to a version control system?
One solution is that users directly provide their Personal Access Tokens (encrypted) to my web application so that my application can save these PATs and use them to pull the repositories in future.
But I wonder if this is secure enough or a standard method. If not, what might be the appropriate solution to this problem?
You might need to use an OAuth2 provider like:
dexidp/dex, an identity service that uses OpenID Connect to drive authentication for other apps.
Dex acts as a portal to other identity providers through "connectors", which do support your targets,
or casdoor, an Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, including some of your targets.
OAuth2 is not the only option, as illustrated by SmartGit:
After some reflection I realized that I actually haven’t had authentication problems with SmartGit and Azure DevOps for quite a while, so I spent some time experimenting to figure out just how SmartGit is authenticating to my repos in Azure DevOps.
I ultimately determined that it uses Personal Access Tokens via the Git Credential Manager.
So explicit support of PATs by SmartGit probably isn’t a critical feature after all. When you install Git (on Windows at least), you have the option to install the Git Credential Manager as well.
As long as you do that you should have smooth sailing.

How to set CI/CD with kubernetes on premise on gitlab?

I tried to set up CI/CD with Kubernetes on an AWS EC2 server using GitLab, following the guideline on the GitLab page, but I got an error message that says "API URL is blocked." I saw that the solution is to allow the option on the admin page, but I cannot find the admin area on my account. I guess I need to upgrade my account or something if I want to use that page.
BTW, I want to know both how I can find the admin page on GitLab and a guide for setting up CI/CD with Kubernetes on GitLab on-premise.
Please advise. Thanks in advance.

YouTrack integration with GitLab behind LDAP authentication

YouTrack 6.5 introduced integration with the GitLab VCS server.
I'm trying to integrate YouTrack 6.5 with a stand-alone GitLab repository (i.e. not gitlab.com).
Our GitLab server also requires users to go through LDAP authentication first.
Is it possible to make YouTrack go through LDAP authentication?
In case your LDAP server supports authentication with a client certificate, you can try adding a corresponding key to Hub as described here https://www.jetbrains.com/help/hub/2.0/Managing-SSL-Keys-and-Trusted-Certificates.html#ManagingSSLKeyStores and then select the key in GitLab properties form.

Configure Bitbucket deployment to Azure Website with PowerShell

I'm trying to provision some Azure Websites using PowerShell and am not sure how to configure Bitbucket deployment. Is this possible? Using the Service Management cmdlets I see that there is explicit support for GitHub deployment, but not Bitbucket. Perhaps there's a way using the new Resource Manager cmdlets, but there's very little documentation that I can find.
This feature isn't yet present in the PowerShell New-AzureWebsite Cmdlet and can only be configured when provisioning a new Website via the Management Portal.