GitLab OIDC + Groups

I know we can set up SSO via SAML or OIDC, how about groups?

I see SCIM for groups is only supported for gitlab.com (SaaS): Configure SCIM for GitLab.com groups | GitLab

I know you can set a group membership requirement (i.e. user must be a member of a group to log in/admin) per OpenID Connect OmniAuth provider | GitLab
(also I’m not super clear on “external” users - we’re actually contractors setting this up for a client so likely relevant)

My main use case though is: ability to manage GitLab group membership via AzureAD

For this, should I be using SAML+SCIM? In which case is OIDC useful only for user auth, not groups? (which need to be managed within GitLab if using OIDC?)

For self-managed instances you can use SAML Group Sync | GitLab for authorization. It requires a paid subscription. There is also an LDAP alternative: LDAP synchronization | GitLab

Thanks! That’s with SAML, any idea if it’s possible with OIDC?

No, there are just the SAML and LDAP options.

I believe you are looking for OIDC group links, you can track the progress here