• Home
• App Integrations
• Single Sign-On (SSO) Integrations
• GitLab Single Sign-On (SSO)

GitLab Single Sign-On (SAML SSO)

---

GitLab SAML Single Sign-On (SSO) solution by miniOrange provides secure Single Sign-On access to GitLab & multiple On-Premise and Cloud Applications using a single set of login credentials. With miniOrange IDP service you can SSO login to multiple applications using a single Gitlab username and password. Gitlab Single Sign-On (SSO) can also be enabled if your users are in any of the third-party Identity Providers and you want your users to log into Gitlab uisng existing IdP credentials, you can easily allow them to SSO into Gitlab in a secure manner.

With miniOrange GitLab SSO, you can:

• Enable your users to automatically login to GitLab.
• Have centralized and easy access control of the users.
• Connect easily with any external identity source like Azure AD, ADFS, Cognito, etc.

Supported SSO Features

miniOrange GitLab SAML integration supports the following features:

• SP Initiated SSO Login: Users can access their GitLab account via a URL or bookmark. They will automatically be redirected to the miniOrange portal for login. Once they've signed on, they'll be automatically redirected and logged into GitLab.
• IdP Initiated SSO Login: Users need to login to the miniOrange first , and then click on the GitLab icon on the applications dashboard to access GitLab.(If you have set up any more Identity Sources, you will log in to that platform).
• JIT Provisioning: Enables the automatic creation of user accounts in GitLab when a person logs in for the first time via Desktop SSO, IDP, or Active Directory (AD) authentication.
• Single Logout: With this feature, you will be automatically logged out of all the applications that are connected with Identity provider (IdP) when you log out from GitLab org or any other app.
• Mandate users to Login using SSO: Single Sign-on can make it mandatory for all users to log in using SSO. This will prevent any person from login using any other source and bypassing the login system. No person will be able to have direct login making it a streamline and secure process.

Prerequisites

• Login into GitLab admin dashboard.
• Go to Groups >> Your groups.



• Click on New group button.



• Enter the required group details and then click on Create group.



• In Groups, select the group name that you created.



• In the left menu bar, click on Settings >> SAML SSO.



• Under SAML Single Sign On, copy the GitLab metadata URL. This will be required in Step 1 while configuring SSO on the miniOrange dashboard.

Follow the Step-by-Step Guide given below for Gitlab Single Sign-On (SSO)

1. Configure GitLab in miniOrange

• Login into miniOrange Admin Console.
• Go to Apps and click on Add Application button.



• In Choose Application, select SAML/WS-FED from the application type dropdown.



• Search for GitLab in the list, if you don't find GitLab in the list then, search for custom and you can set up your application in Custom SAML App.

• Now we will upload the metadata URL from the GitLab that you downloaded in Prerequisite using the Import SP Metadata feature.



• Enter the App name as GitLab, select the SP Metadata file format and upload the file.
• Then click on the Import button.
• All the values will be auto-filled
• Click on Next to proceed further.
• In the Attribute Mapping tab configure the following attributes as shown in the image below.



• To upload respective app logo for a Custom SAML App, click on Upload Logo tab.



• Click on Save.

To get miniOrange metadata details in order to configure GitLab:

• Go to Apps >> Manage Apps.
• Search for your app and click on the Select in action menu against your app.
• Click on the Metadata Option under the Select Dropdown to get the miniOrange Metadata details. You can also click on the Show SSO Link to see the IdP initiated SSO link for GitLab.



• Here you will see 2 options, if you are setting up miniOrange as IDP copy the metadetails related to miniOrange, if you required to be authenticated via external IDP's (Okta, Azure AD, ADFS, OneLogin, Google Workspace) you can get metadata from the 2nd Section as shown below.



• Keep SAML Login URL, SAML Logout URL and click on the Download Certificate button to download certificate which you will require in Step 2.

2. Setting SAML SSO in Gitlab

• Sign up to GitLab admin console.
• Navigate to the Settings >> SAML SSO.
• Scroll down to Configuration and turn on the Enable SAML authentication for this group toggle button.
• Enter the following values into the fields below:

Identity provider single sign on URL	You will get IdP Metadata URL from miniOrange dashboard
Certificate fingerprint	The SHA-1 Fingerprint needs to be used in the configuration below.




• Click on Save Changes.

3. Test SSO Configuration

Test SSO login to your GitLab account with miniOrange IdP:

Using SP Initiated Login

• Go to your GitLab URL, here you will be either asked to enter the username or click on the SSO link which will redirect you to miniOrange IdP Sign On Page.



• Enter your miniOrange login credential and click on Login. You will be automatically logged in to your GitLab account.

Using IDP Initiated Login

• Login to miniOrange IdP using your credentials.



• On the Dashboard, click on GitLab application which you have added, to verify SSO configuration.





Not able to configure or test SSO?


Contact us or email us at idpsupport@xecurify.com and we'll help you setting it up in no time.

External References

• Know More about Single Sign On
• Learn more about how miniOrange functions as an Identity Broker