2021-09-30 23:02:18 +05:30
---
type: index
stage: Manage
2022-04-04 11:22:00 +05:30
group: Authentication and Authorization
2022-11-25 23:54:43 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
2021-09-30 23:02:18 +05:30
---
# GitLab authentication and authorization **(FREE SELF)**
2022-07-23 23:45:48 +05:30
GitLab integrates with a number of [OmniAuth providers ](../../integration/omniauth.md#supported-providers ),
and the following external authentication and authorization providers:
2021-09-30 23:02:18 +05:30
- [LDAP ](ldap/index.md ): Includes Active Directory, Apple Open Directory, Open LDAP,
and 389 Server.
- [Google Secure LDAP ](ldap/google_secure_ldap.md )
- [SAML for GitLab.com groups ](../../user/group/saml_sso/index.md ) ** (PREMIUM SAAS)**
- [Smartcard ](smartcard.md ) ** (PREMIUM SELF)**
NOTE:
UltraAuth has removed their software which supports OmniAuth integration. We have therefore removed all references to UltraAuth integration.
## SaaS vs Self-Managed Comparison
The external authentication and authorization providers may support the following capabilities.
For more information, see the links shown on this page for each external provider.
2022-08-13 15:12:31 +05:30
| Capability | SaaS | Self-managed |
2021-09-30 23:02:18 +05:30
|-------------------------------------------------|-----------------------------------------|------------------------------------|
2023-04-23 21:23:45 +05:30
| **User Provisioning** | SCIM< br > SAML < sup > 1</ sup > | LDAP < sup > 1</ sup >< br > SAML < sup > 1</ sup >< br > [OmniAuth Providers](../../integration/omniauth.md#supported-providers) < sup > 1</ sup >< br > SCIM |
2021-09-30 23:02:18 +05:30
| **User Detail Updating** (not group management) | Not Available | LDAP Sync |
2023-04-23 21:23:45 +05:30
| **Authentication** | SAML at top-level group (1 provider) | LDAP (multiple providers)< br > Generic OAuth 2.0< br > SAML (only 1 permitted per unique provider)< br > Kerberos< br > JWT< br > Smartcard< br > [OmniAuth Providers](../../integration/omniauth.md#supported-providers) (only 1 permitted per unique provider) |
2022-07-23 23:45:48 +05:30
| **Provider-to-GitLab Role Sync** | SAML Group Sync | LDAP Group Sync< br > SAML Group Sync ([GitLab 15.1](https://gitlab.com/gitlab-org/gitlab/-/issues/285150) and later) |
2023-04-23 21:23:45 +05:30
| **User Removal** | SCIM (remove user from top-level group) | LDAP (remove user from groups and block from the instance)< br > SCIM |
2022-08-13 15:12:31 +05:30
1. Using Just-In-Time (JIT) provisioning, user accounts are created when the user first signs in.
2023-06-20 00:43:36 +05:30
## Test OIDC/OAuth in GitLab
See [Test OIDC/OAuth in GitLab ](test_oidc_oauth.md ) to learn how to test OIDC/OAuth authentication in your GitLab instance using your client application.