Set up OmniAuth provider in GitLab

This article describes how to activate various OAuth 2.0 providers as OmniAuth providers. This allows you to log in to your GitLab instance with your OAuth 2.0 provider credentials.


Prerequisites:

  • OAuth2 provider endpoint (e.g. Azure Active Directory v2)
  • GitLab server
  • Google OAuth API endpoint details
    • App ID
    • App Secret
  • Azure OAuth API endpoint details
    • Client ID
    • Client Secret
    • Tenant ID



Customization of the GitLab configuration

To activate an OmniAuth provider, log in to the creoline Customer Center and navigate to the GitLab server for which you want to activate an OmniAuth provider. Select the Configuration files tab and then click Edit.


Now adjust the following settings in the GitLab configuration file accordingly.


gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_ldap_user'] = true


You can also use Ctrl + F (Windows) or Command + F (macOS) to search for a specific term within the configuration file. This makes navigation faster when editing large configuration files.



Google

Configuration for the Google OAuth v2 endpoint

gitlab_rails['omniauth_providers'] = [
  {
    "name" => "google_oauth2",
    "label" => "Displayed name for the login button",
    "args" => {
      "client_id" => "<App ID>",
      "client_secret" => "<App Secret>",
    }
  }
]



Microsoft Azure

Configuration for the Microsoft Azure OAuth v1 endpoint

gitlab_rails['omniauth_allow_single_sign_on'] = ['azure_oauth2']
gitlab_rails['omniauth_sync_profile_from_provider'] = ['azure_oauth2']
gitlab_rails['omniauth_auto_link_user'] = ['azure_oauth2']

gitlab_rails['omniauth_providers'] = [
  {
    "name" => "azure_oauth2",
    "label" => "Displayed name for the login button",
    "args" => {
      "client_id" => "<client ID>",
      "client_secret" => "<client secret>",
      "tenant_id" => "<tenant ID>",
    }
  }
]



Configuration for the Microsoft Azure OAuth v2 endpoint

gitlab_rails['omniauth_allow_single_sign_on'] = ['azure_activedirectory_v2']
gitlab_rails['omniauth_sync_profile_from_provider'] = ['azure_activedirectory_v2']
gitlab_rails['omniauth_auto_link_user'] = ['azure_activedirectory_v2']

gitlab_rails['omniauth_providers'] = [
  {
    "name" => "azure_activedirectory_v2",
    "label" => "Displayed name for the login button",
    "args" => {
      "client_id" => "<client ID>",
      "client_secret" => "<client secret>",
      "tenant_id" => "<tenant ID>",
    }
  }
]



Then enter a short message in the Change message area explaining why the OmniAuth setting was changed and save the changes using the Save changes button.


Saving the configuration automatically triggers the deployment of the configuration and the subsequent restart of GitLab. Inform active users about the planned action in advance.
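Because saving restarts GitLab, it helps to check the OmniAuth settings before you save. The following Ruby check is an added example, not part of the creoline or GitLab tooling. It assumes the settings are available as a plain hash using the keys shown above; lint_omniauth and sample_config are hypothetical names, and the sample values are constructed.

```ruby
# Added example (not creoline's or GitLab's code): lint OmniAuth settings from gitlab.rb.
PLACEHOLDER = /\A<.*>\z/ # a value such as "<client ID>" that was never replaced
AZURE = %w[azure_oauth2 azure_activedirectory_v2].freeze
LISTS = %w[omniauth_allow_single_sign_on omniauth_sync_profile_from_provider
           omniauth_auto_link_user].freeze
def lint_omniauth(cfg)
  findings = []
  providers = cfg.fetch('omniauth_providers', [])
  names = providers.map { |p| p['name'] }
  # A name in a per-provider list that matches no configured provider means the
  # setting does not apply to the provider actually in use (e.g. v1 name, v2 provider).
  LISTS.each do |key|
    (Array(cfg[key]).grep(String) - names).each do |n|
      findings << "#{key}: '#{n}' is not in omniauth_providers"
    end
  end
  providers.each do |p|
    args = p.fetch('args', {})
    args.each do |k, v|
      findings << "#{p['name']}: #{k} is still a placeholder" if v.to_s.match?(PLACEHOLDER)
    end
    if AZURE.include?(p['name']) && args['tenant_id'].to_s.empty?
      findings << "#{p['name']}: tenant_id missing"
    end
    if p['name'] == 'google_oauth2' && args.key?('tenant_id')
      findings << 'google_oauth2: tenant_id is an Azure detail, not a Google one'
    end
  end
  # SSO allowed and auto-created users not blocked: accounts the provider
  # authenticates are created unblocked, without an administrator unblock step.
  sso = Array(cfg['omniauth_allow_single_sign_on']).grep(String) & names
  if cfg['omniauth_block_auto_created_users'] == false && !sso.empty?
    findings << "auto-created users are not blocked for: #{sso.join(', ')}"
  end
  findings
end

# Constructed sample: Azure v2 provider, one stale v1 name, unfinished args.
def sample_config
  gitlab_rails = {}
  gitlab_rails['omniauth_block_auto_created_users'] = false
  gitlab_rails['omniauth_allow_single_sign_on'] = ['azure_activedirectory_v2']
  gitlab_rails['omniauth_auto_link_user'] = ['azure_oauth2']
  gitlab_rails['omniauth_providers'] = [
    { 'name' => 'azure_activedirectory_v2',
      'args' => { 'client_id' => 'constructed-id', 'client_secret' => '<client secret>',
                  'tenant_id' => '' } }
  ]
  gitlab_rails
end
puts lint_omniauth(sample_config) if __FILE__ == $PROGRAM_NAME
```

An empty result means none of these checks fired; it does not confirm that the credentials themselves are valid at the provider.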


After the GitLab configuration has been applied successfully, the button for logging in with your Microsoft Azure credentials is displayed on the login page of your GitLab instance.

[Image: Example Microsoft Azure OAuth v2 button]



GitLab provides further information in the official documentation.
