2026-06-17 19:09:11 +03:00 · 2026-06-04 23:07:02 +02:00
parent 9840fa5e55
commit 26e7078ae9
1 changed files with 70 additions and 0 deletions
@@ -0,0 +1,70 @@
---
title: Log in with GitLab
sidebar_label: GitLab
tags:
    - source
    - gitlab
---
Allows users to authenticate using their GitLab credentials by configuring GitLab as a federated identity provider via OAuth 2.0.
## Preparation
The following placeholders are used in this guide:
- `authentik.company` is the FQDN of the authentik installation.
- `gitlab.company` is the FQDN of the GitLab installation. Use `gitlab.com` for GitLab SaaS.
## GitLab configuration
To integrate GitLab with authentik, you need to create an OAuth application in GitLab.
1. Log in to GitLab and navigate to the application settings:
    - For a user-owned application, select your avatar, click **Edit profile**, and then navigate to **Access** > **Applications**.
    - For a group-owned application, navigate to the group and then click **Settings** > **Applications**.
    - For an instance-wide application, navigate to **Admin** > **Applications**.
2. Click **Add new application** or **New application** and set the following values:
    - **Name**: `authentik`
    - **Redirect URI**: `https://authentik.company/source/oauth/callback/gitlab/`
    - **Scopes**: select all four of the following:
        - `read_user`
        - `openid`
        - `profile`
        - `email`
3. Click **Save application** and take note of the **Application ID** and **Secret**. These values are required in the next section.
## authentik configuration
To support the integration of GitLab with authentik, you need to create a GitLab OAuth source in authentik.
1. Log in to authentik as an administrator and open the authentik Admin interface.
2. Navigate to **Directory** > **Federation and Social login**, click **New Source**, and then configure the following settings:
    - **Select type**: select **GitLab OAuth Source** as the source type.
    - **Create GitLab OAuth Source**: provide a name, a slug which must match the slug used in the GitLab **Redirect URI** field (e.g. `gitlab`), and set the following required configurations:
        - Under **Protocol settings**:
            - **Consumer key**: set the **Application ID** from GitLab.
            - **Consumer secret**: set the **Secret** from GitLab.
        - Under **URL settings** _(self-hosted GitLab instances only)_:
            - **Authorization URL**: `https://gitlab.company/oauth/authorize`
            - **Access token URL**: `https://gitlab.company/oauth/token`
            - **Profile URL**: `https://gitlab.company/oauth/userinfo`
            - **OIDC Well-known URL**: `https://gitlab.company/.well-known/openid-configuration`
            - **OIDC JWKS URL**: `https://gitlab.company/oauth/discovery/keys`
3. Click **Finish** to save your settings.
:::info Display new source on login screen
For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page).
:::
:::info Embed new source in flow :ak-enterprise
For instructions on embedding the new source within a flow, such as an authorization flow, refer to the [Source Stage documentation](../../../../../add-secure-apps/flows-stages/stages/source/).
:::
## Source property mappings
Source property mappings allow you to modify or gather extra information from sources. See the [overview](../../property-mappings/index.md) for more information.
## Resources
- [GitLab Docs - Configure GitLab as an OAuth 2.0 authentication identity provider](https://docs.gitlab.com/integration/oauth_provider/)