Set up OmniAuth provider in GitLab
This article describes how to activate various OAuth 2.0 providers as OmniAuth providers. This allows you to log in to your GitLab instance with your OAuth 2.0 provider credentials.
Prerequisites:
- OAuth2 provider endpoint (e.g. Azure Active Directory v2)
- GitLab server
- Google OAuth API endpoint details
- App ID
- App Secret
- Details of Azure OAuth API endpoint
- Client ID
- Client Secret
- Tenant ID
Customization of the GitLab configuration
To activate an OmniAuth provider, log in to the creoline Customer Center and navigate to the GitLab server for which you want to activate an OmniAuth provider. Select the Configuration files tab and then click Edit.
Now adjust the following settings in the GitLab configuration file accordingly.
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_ldap_user'] = true
You can also use Ctrl + F (Windows) or Command + F (MacOs) to search for a specific term or similar within the configuration file for faster navigation when editing large configuration files.
Configuration for the Google OAuth v2 endpoint
gitlab_rails['omniauth_providers'] = [
{
"name" => "google_oauth2",
"label" => "Displayed name for the login button",
"args" => {
"client_id" => "<App ID>",
"client_secret" => "<App Secret>",
"tenant_id" => "<Tenant ID>",
}
}
]
Microsoft Azure
Configuration for the Microsoft Azure OAuth v1 endpoint
gitlab_rails['omniauth_allow_single_sign_on'] = ['azure_oauth2']
gitlab_rails['omniauth_sync_profile_from_provider'] = ['azure_oauth2']
gitlab_rails['omniauth_auto_link_user'] = ['azure_oauth2']
gitlab_rails['omniauth_providers'] = [
{
"name" => "azure_oauth2",
"label" => "Displayed name for the login button",
"args" => {
"client_id" => "<client ID>",
"client_secret" => "<client secret>",
"tenant_id" => "<tenant ID>",
}
}
]
Configuration for the Microsoft Azure OAuth v2 endpoint
gitlab_rails['omniauth_allow_single_sign_on'] = ['azure_activedirectory_v2']
gitlab_rails['omniauth_sync_profile_from_provider'] = ['azure_activedirectory_v2']
gitlab_rails['omniauth_auto_link_user'] = ['azure_activedirectory_v2']
gitlab_rails['omniauth_providers'] = [
{
"name" => "azure_activedirectory_v2",
"label" => "Displayed name for the login button",
"args" => {
"client_id" => "<client ID>",
"client_secret" => "<client secret>",
"tenant_id" => "<tenant ID>",
}
}
]
Then enter a short message in the Change message area explaining why the OmniAuth setting was changed and save the changes using the Save changes button.
Saving the configuration automatically triggers the deployment of the configuration and the subsequent restart of GitLab. Inform active users about the planned action in advance.
After successfully applying the GitLab configuration, the button for logging in via Microsoft Azure access data is displayed on the login page of your GitLab instance.
Further links
GitLab provides further information in the official documentation.