Authored by Jonathan Glassman
stage: Govern
group: Authentication
description: Third-party authentication providers.
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
GitLab authentication and authorization
DETAILS: Tier: Free, Premium, Ultimate Offering: Self-managed
GitLab integrates with a number of OmniAuth providers, and the following external authentication and authorization providers:
- LDAP: Includes Active Directory, Apple Open Directory, OpenLDAP, and 389 Server.
- SAML for GitLab.com groups
- Smart card
NOTE: UltraAuth has removed their software which supports OmniAuth integration. We have therefore removed all references to UltraAuth integration.
SaaS vs self-managed comparison
The external authentication and authorization providers may support the following capabilities. For more information, see the links shown on this page for each external provider.
Capability | SaaS | Self-managed |
---|---|---|
User Provisioning | SCIM, SAML <sup>1</sup> | LDAP <sup>1</sup>, SAML <sup>1</sup>, OmniAuth Providers <sup>1</sup>, SCIM |
User Detail Updating (not group management) | Not Available | LDAP Sync |
Authentication | SAML at top-level group (1 provider) | LDAP (multiple providers), Generic OAuth 2.0, SAML (only 1 permitted per unique provider), Kerberos, JWT, Smart card, OmniAuth Providers (only 1 permitted per unique provider) |
Provider-to-GitLab Role Sync | SAML Group Sync | LDAP Group Sync, SAML Group Sync (GitLab 15.1 and later) |
User Removal | SCIM (remove user from top-level group) | LDAP (remove user from groups and block from the instance), SCIM |

1. Using Just-In-Time (JIT) provisioning, user accounts are created when the user first signs in.
Test OIDC/OAuth in GitLab
See Test OIDC/OAuth in GitLab to learn how to test OIDC/OAuth authentication in your GitLab instance using your client application.