Log in with GitLab

Allows users to authenticate using their GitLab credentials by configuring GitLab as a federated identity provider via OAuth 2.0.

Preparation

The following placeholders are used in this guide:

  • authentik.company is the FQDN of the authentik installation.
  • gitlab.company is the FQDN of the GitLab installation. Use gitlab.com for GitLab SaaS.

GitLab configuration

To integrate GitLab with authentik, you need to create an OAuth application in GitLab.

  1. Log in to GitLab and navigate to the application settings:

    • For a user-owned application, select your avatar, click Edit profile, and then navigate to Access > Applications.
    • For a group-owned application, navigate to the group and then click Settings > Applications.
    • For an instance-wide application, navigate to Admin > Applications.
  2. Click Add new application or New application and set the following values:

    • Name: authentik
    • Redirect URI: https://authentik.company/source/oauth/callback/gitlab/
    • Scopes: select all four of the following:
      • read_user
      • openid
      • profile
      • email
  3. Click Save application and take note of the Application ID and Secret. These values are required in the next section.

authentik configuration

To support the integration of GitLab with authentik, you need to create a GitLab OAuth source in authentik.

  1. Log in to authentik as an administrator and open the authentik Admin interface.
  2. Navigate to Directory > Federation and Social login, click New Source, and then configure the following settings:
    • Select type: select GitLab OAuth Source as the source type.
    • Create GitLab OAuth Source: provide a name, a slug which must match the slug used in the GitLab Redirect URI field (e.g. gitlab), and set the following required configurations:
      • Under Protocol settings:
        • Consumer key: set the Application ID from GitLab.
        • Consumer secret: set the Secret from GitLab.
      • Under URL settings (self-hosted GitLab instances only):
        • Authorization URL: https://gitlab.company/oauth/authorize
        • Access token URL: https://gitlab.company/oauth/token
        • Profile URL: https://gitlab.company/oauth/userinfo
        • OIDC Well-known URL: https://gitlab.company/.well-known/openid-configuration
        • OIDC JWKS URL: https://gitlab.company/oauth/discovery/keys
  3. Click Finish to save your settings.
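
A consistency check for the two configurations above, added here as an example (it is not authentik or GitLab code). It compares the redirect URI registered in GitLab, the scopes selected on the application, and the document served at the OIDC Well-known URL against the values in this guide. The function names, the sample discovery document, the exact-string comparison, and the expectation that the issuer is the GitLab base URL are assumptions.

```python
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"read_user", "openid", "profile", "email"}  # the four scopes from this guide

def expected_settings(authentik_fqdn, gitlab_fqdn, slug):
    """Build the URLs this guide lists for a self-hosted GitLab and a source slug."""
    base = f"https://{gitlab_fqdn}"
    return {
        "redirect_uri": f"https://{authentik_fqdn}/source/oauth/callback/{slug}/",
        "authorization_endpoint": f"{base}/oauth/authorize",
        "token_endpoint": f"{base}/oauth/token",
        "userinfo_endpoint": f"{base}/oauth/userinfo",
        "jwks_uri": f"{base}/oauth/discovery/keys",
    }

def check_source(discovery, registered_redirect_uri, app_scopes,
                 authentik_fqdn, gitlab_fqdn, slug):
    """Return a list of mismatches; an empty list means the two sides line up."""
    want = expected_settings(authentik_fqdn, gitlab_fqdn, slug)
    problems = []
    # Assumption: exact string comparison, so slug and trailing slash must both match.
    if registered_redirect_uri != want["redirect_uri"]:
        problems.append(f"redirect_uri: registered {registered_redirect_uri!r}, "
                        f"expected {want['redirect_uri']!r}")
    issuer = urlsplit(discovery.get("issuer", ""))
    if issuer.scheme != "https" or issuer.hostname != gitlab_fqdn:
        problems.append(f"issuer: {discovery.get('issuer')!r} is not https://{gitlab_fqdn}")
    for key in ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri"):
        if discovery.get(key) != want[key]:
            problems.append(f"{key}: discovery has {discovery.get(key)!r}, expected {want[key]!r}")
    missing = REQUIRED_SCOPES - set(app_scopes)
    if missing:
        problems.append("scopes: missing " + ", ".join(sorted(missing)))
    return problems

# Constructed sample of the document served at the OIDC Well-known URL.
SAMPLE_DISCOVERY = {
    "issuer": "https://gitlab.company",
    "authorization_endpoint": "https://gitlab.company/oauth/authorize",
    "token_endpoint": "https://gitlab.company/oauth/token",
    "userinfo_endpoint": "https://gitlab.company/oauth/userinfo",
    "jwks_uri": "https://gitlab.company/oauth/discovery/keys",
}

if __name__ == "__main__":
    # authentik slug is "gitlab-sso", GitLab still has the "gitlab" callback, email scope unticked
    cb = "https://authentik.company/source/oauth/callback/gitlab/"
    print(check_source(SAMPLE_DISCOVERY, cb, ["read_user", "openid", "profile"],
                       "authentik.company", "gitlab.company", "gitlab-sso"))
```

To run it against a real instance, load the JSON from the OIDC Well-known URL and pass it in place of `SAMPLE_DISCOVERY`.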

Display new source on login screen

For instructions on how to display the new source on the authentik login page, refer to the Add sources to default login page documentation.

Embed new source in flow (Enterprise)

For instructions on embedding the new source within a flow, such as an authorization flow, refer to the Source Stage documentation.

Source property mappings

Source property mappings allow you to modify or gather extra information from sources. See the overview for more information.