When setting up GitLab as OAuth/OpenID identity provider, it seems like every user on that GitLab server can login to the other system (Polarion).
Is it possible to require the users to be member of certain group/subgroup in order to be able to login.
I’ve setup a group owned application since I thought this would already restrict access to group members, but it does not.
ref: GitLab as OAuth2 authentication service provider | GitLab
We are currently running GitLab Enterprise Edition 13.12.3-ee in our own cloud.
Hello, did you find how to manage about those restrictions ?
We have actually the same problem, we have Grafana apps with GitLab OAuth & with our Active Directory synchronized. We want to let only “OPS AD Group” to login to Grafana application. We tried to create a Group named Grafana in GitLab and to associate it the “OPS AD Group” but doesn’t work.
That’s why I’m here 
Thanks !
Sorry for the late reply.
In the meantime this feature was implemented in the OAuth client, in this case Polarion.
It is not possible to require users being members of a specific group in order to be able to login.