PageRenderTime 23ms CodeModel.GetById 21ms RepoModel.GetById 1ms app.codeStats 0ms

/doc/administration/auth/README.md

https://gitlab.com/klml/gitlab-ee
Markdown | 52 lines | 45 code | 7 blank | 0 comment | 0 complexity | 9fbf9e0bc2631a4b22268cf108df7bd1 MD5 | raw file
    

  1. ---
    2. 

  2. comments: false
    3. 

  3. type: index
    4. 

  4. stage: Manage
    5. 

  5. group: Access
    6. 

  6. info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
    7. 

  7. ---
    8. 

  8. 

  9. # GitLab authentication and authorization **(FREE SELF)**
    10. 

  10. 

  11. GitLab integrates with the following external authentication and authorization
    12. 

  12. providers:
    13. 

  13. 

  14. - [Atlassian](atlassian.md)
    15. 

  15. - [Auth0](../../integration/auth0.md)
    16. 

  16. - [Authentiq](authentiq.md)
    17. 

  17. - [AWS Cognito](cognito.md)
    18. 

  18. - [Azure](../../integration/azure.md)
    19. 

  19. - [Bitbucket Cloud](../../integration/bitbucket.md)
    20. 

  20. - [CAS](../../integration/cas.md)
    21. 

  21. - [Crowd](crowd.md)
    22. 

  22. - [Facebook](../../integration/facebook.md)
    23. 

  23. - [GitHub](../../integration/github.md)
    24. 

  24. - [GitLab.com](../../integration/gitlab.md)
    25. 

  25. - [Google OAuth](../../integration/google.md)
    26. 

  26. - [JWT](jwt.md)
    27. 

  27. - [Kerberos](../../integration/kerberos.md)
    28. 

  28. - [LDAP](ldap/index.md): Includes Active Directory, Apple Open Directory, Open LDAP,
    29. 

  29.   and 389 Server.
    30. 

  30.   - [Google Secure LDAP](ldap/google_secure_ldap.md)
    31. 

  31. - [Salesforce](../../integration/salesforce.md)
    32. 

  32. - [SAML](../../integration/saml.md)
    33. 

  33. - [SAML for GitLab.com groups](../../user/group/saml_sso/index.md) **(PREMIUM SAAS)**
    34. 

  34. - [Shibboleth](../../integration/shibboleth.md)
    35. 

  35. - [Smartcard](smartcard.md) **(PREMIUM SELF)**
    36. 

  36. - [Twitter](../../integration/twitter.md)
    37. 

  37. 

  38. NOTE:
    39. 

  39. UltraAuth has removed their software which supports OmniAuth integration. We have therefore removed all references to UltraAuth integration.
    40. 

  40. 

  41. ## SaaS vs Self-Managed Comparison
    42. 

  42. 

  43. The external authentication and authorization providers may support the following capabilities.
    44. 

  44. For more information, see the links shown on this page for each external provider.
    45. 

  45. 

  46. | Capability                                      | SaaS                                    | Self-Managed                       |
    47. 

  47. |-------------------------------------------------|-----------------------------------------|------------------------------------|
    48. 

  48. | **User Provisioning**                           | SCIM<br>JIT Provisioning                | LDAP Sync                          |
    49. 

  49. | **User Detail Updating** (not group management) | Not Available                           | LDAP Sync                          |
    50. 

  50. | **Authentication**                              | SAML at top-level group (1 provider)    | LDAP (multiple providers)<br>Generic OAuth2<br>SAML (only 1 permitted per unique provider)<br>Kerberos<br>JWT<br>Smartcard<br>OmniAuth Providers (only 1 permitted per unique provider) |
    51. 

  51. | **Provider-to-GitLab Role Sync**                | SAML Group Sync                         | LDAP Group Sync                    |
    52. 

  52. | **User Removal**                                | SCIM (remove user from top-level group) | LDAP (Blocking User from Instance) |
    53. 

  53.