debian-mirror-gitlab/doc/administration/auth/index.md

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

37 lines
2.5 KiB
Markdown
Raw Normal View History

2021-09-30 23:02:18 +05:30
---
comments: false
type: index
stage: Manage
2022-04-04 11:22:00 +05:30
group: Authentication and Authorization
2022-11-25 23:54:43 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
2021-09-30 23:02:18 +05:30
---
# GitLab authentication and authorization **(FREE SELF)**
2022-07-23 23:45:48 +05:30
GitLab integrates with a number of [OmniAuth providers](../../integration/omniauth.md#supported-providers),
and the following external authentication and authorization providers:
2021-09-30 23:02:18 +05:30
- [LDAP](ldap/index.md): Includes Active Directory, Apple Open Directory, Open LDAP,
and 389 Server.
- [Google Secure LDAP](ldap/google_secure_ldap.md)
- [SAML for GitLab.com groups](../../user/group/saml_sso/index.md) **(PREMIUM SAAS)**
- [Smartcard](smartcard.md) **(PREMIUM SELF)**
NOTE:
UltraAuth has removed their software which supports OmniAuth integration. We have therefore removed all references to UltraAuth integration.
## SaaS vs Self-Managed Comparison
The external authentication and authorization providers may support the following capabilities.
For more information, see the links shown on this page for each external provider.
2022-08-13 15:12:31 +05:30
| Capability | SaaS | Self-managed |
2021-09-30 23:02:18 +05:30
|-------------------------------------------------|-----------------------------------------|------------------------------------|
2023-04-23 21:23:45 +05:30
| **User Provisioning** | SCIM<br>SAML <sup>1</sup> | LDAP <sup>1</sup><br>SAML <sup>1</sup><br>[OmniAuth Providers](../../integration/omniauth.md#supported-providers) <sup>1</sup><br>SCIM |
2021-09-30 23:02:18 +05:30
| **User Detail Updating** (not group management) | Not Available | LDAP Sync |
2023-04-23 21:23:45 +05:30
| **Authentication** | SAML at top-level group (1 provider) | LDAP (multiple providers)<br>Generic OAuth 2.0<br>SAML (only 1 permitted per unique provider)<br>Kerberos<br>JWT<br>Smartcard<br>[OmniAuth Providers](../../integration/omniauth.md#supported-providers) (only 1 permitted per unique provider) |
2022-07-23 23:45:48 +05:30
| **Provider-to-GitLab Role Sync** | SAML Group Sync | LDAP Group Sync<br>SAML Group Sync ([GitLab 15.1](https://gitlab.com/gitlab-org/gitlab/-/issues/285150) and later) |
2023-04-23 21:23:45 +05:30
| **User Removal** | SCIM (remove user from top-level group) | LDAP (remove user from groups and block from the instance)<br>SCIM |
2022-08-13 15:12:31 +05:30
1. Using Just-In-Time (JIT) provisioning, user accounts are created when the user first signs in.