GitLab

Capabilities overview

GitLab is a web-based DevOps lifecycle tool, developed by GitLab Inc. under an open-source license, that provides a Git repository manager with wiki, issue-tracking, and continuous integration and deployment pipeline features.

GitLab pricing page

Supported capability   | Required plan | Details
Passwordless SSO       | Free plan     | Low SSO tax
Automated provisioning | Premium plan  | SCIM 2.0 (create, remove accounts)
Password manager       | Any           | Auto-fill / Auto-capture

Prerequisites

To configure passwordless SSO between idemeum and GitLab, you will first need to obtain your idemeum tenant SAML metadata parameters. Specifically, you will need:

  • SHA1-formatted fingerprint of the public X509 certificate
  • Identity Provider SSO URL

Instructions for how to obtain idemeum SAML metadata values for your tenant are below.

How to obtain SAML metadata for idemeum
SAML metadata is the data that describes the information needed to communicate between your SaaS application and idemeum in order to enable Single Sign-On. In SAML terminology, the SaaS application is called the Service Provider (SP) and idemeum is the Identity Provider (IDP). Typically you will be a…

An example of an SSL certificate SHA1 fingerprint is 66:6D:DF:74:A2:F9:98:5C:71:7D:BD:A0:06:91:8E:6E:44:BA:C9:90


Passwordless Single Sign-On (SAML)

Configure SSO in GitLab

  • Navigate to your Groups in the GitLab admin dashboard
  • Choose the group for which you want to enable SSO
  • Navigate to Settings -> SAML SSO
Now you will use the idemeum SAML metadata values obtained in the prerequisites section.
  • Paste the Identity Provider SSO URL and Certificate fingerprint values that you obtained in the previous section
  • Choose the default membership role for the users signing in with SAML SSO
  • Click Save changes
  • Copy the GitLab metadata URL, as you will need it for the idemeum SSO configuration

Configure SSO in idemeum

  • Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
  • Click Applications in the left menu
  • Search for the GitLab application and click Add App
  • Click SAML at the top navigation menu
  • Paste the metadata URL link that you obtained from GitLab and click Load config
  • Click Save

Automated provisioning with SCIM

  • Navigate to your Groups in the GitLab admin dashboard
  • Choose the group for which you want to enable SSO. Navigate to Settings -> SAML SSO
  • Scroll down to the SCIM token section
  • Click Generate a SCIM token
  • From the new window, copy Your new SCIM token and SCIM API endpoint URL. You will need these values for the idemeum configuration
  • Navigate back to the idemeum GitLab app configuration
  • Click on the Provisioning section
  • Enter the SCIM Base URL and Access Token that you obtained from GitLab
  • Click Save

Application entitlements

Before users can access applications, you need to entitle the applications to them. In the idemeum admin portal, navigate to the Entitlements section to assign applications to your employees.


SSO login flows

The GitLab dashboard supports only the IDP-initiated flow for SSO.

IDP Initiated flow

With this flow, users first navigate to the idemeum user catalog and then click the GitLab icon to launch the application.