Gitlab OIDC + Groups

nick.p.doyle · July 18, 2023, 12:38am

I know we can setup SSO via SAML or OIDC, how about groups?

I see SCIM for groups only supported for gitlab.com (saas) Configure SCIM for GitLab.com groups | GitLab

I know you can require group membership requirement (i.e. user must be a member of a group to login/admin) per OpenID Connect OmniAuth provider | GitLab
(also i’m not super clear on “external” users - we’re actually contractors setting this up for a client so likely relevent)

My main use case though is: ability to manage gitlab group membership via AzureAD

For this, should I be using SAML+SCIM? In which case is OIDC useful only for use auth, not groups? (which need to be managed within gitlab if using OIDC?)

balonik · July 18, 2023, 6:58am

For self-managed instances you can use SAML Group Sync | GitLab for authorization. It requires paid subscription. There is also LDAP alternative LDAP synchronization | GitLab

nick.p.doyle · July 18, 2023, 8:45am

Thanks! That’s with SAML, any idea if it’s possible with OIDC?

balonik · July 18, 2023, 8:47am

No, there are just the SAML and LDAP options.

tachyons-gitlab · August 1, 2023, 12:55am

I believe you are looking for OIDC group links, you can track the progress here

Topic		Replies	Views
Gitlab SaaS and OIDC/OAuth General oauth	3	1010	July 20, 2021
External users with Azure AD Self-managed omniauth , sso	0	911	June 2, 2021
How to grant users admin rights when logging in via Keycloak OIDC? How to Use GitLab kubernetes , sso	2	3121	June 18, 2023
Cannot login using SAML-based authentication How to Use GitLab	4	3165	January 7, 2022
Azure AD integration with gitlab.com Self-managed ldap	1	8035	June 17, 2020

Gitlab OIDC + Groups

Related topics