diff --git a/website/docs/users-sources/sources/social-logins/gitlab/index.mdx b/website/docs/users-sources/sources/social-logins/gitlab/index.mdx new file mode 100644 index 0000000000..b0246adcec --- /dev/null +++ b/website/docs/users-sources/sources/social-logins/gitlab/index.mdx 
@@ -0,0 +1,70 @@ +--- +title: Log in with GitLab +sidebar_label: GitLab +tags: + - source + - gitlab +--- + +Allows users to authenticate using their GitLab credentials by configuring GitLab as a federated identity provider via OAuth 2.0. + +## Preparation + +The following placeholders are used in this guide: + +- `authentik.company` is the FQDN of the authentik installation. +- `gitlab.company` is the FQDN of the GitLab installation. Use `gitlab.com` for GitLab SaaS. + +## GitLab configuration + +To integrate GitLab with authentik, you need to create an OAuth application in GitLab. + +1. Log in to GitLab and navigate to the application settings: + - For a user-owned application, select your avatar, click **Edit profile**, and then navigate to **Access** > **Applications**. + - For a group-owned application, navigate to the group and then click **Settings** > **Applications**. + - For an instance-wide application, navigate to **Admin** > **Applications**. +2. Click **Add new application** or **New application** and set the following values: + - **Name**: `authentik` + - **Redirect URI**: `https://authentik.company/source/oauth/callback/gitlab/` + - **Scopes**: select all four of the following: + - `read_user` + - `openid` + - `profile` + - `email` + +3. Click **Save application** and take note of the **Application ID** and **Secret**. These values are required in the next section. + +## authentik configuration + +To support the integration of GitLab with authentik, you need to create a GitLab OAuth source in authentik. + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Directory** > **Federation and Social login**, click **New Source**, and then configure the following settings: + - **Select type**: select **GitLab OAuth Source** as the source type. + - **Create GitLab OAuth Source**: provide a name, a slug which must match the slug used in the GitLab **Redirect URI** field (e.g. 
`gitlab`), and set the following required configurations: + - Under **Protocol settings**: + - **Consumer key**: set the **Application ID** from GitLab. + - **Consumer secret**: set the **Secret** from GitLab. + - Under **URL settings** _(self-hosted GitLab instances only)_: + - **Authorization URL**: `https://gitlab.company/oauth/authorize` + - **Access token URL**: `https://gitlab.company/oauth/token` + - **Profile URL**: `https://gitlab.company/oauth/userinfo` + - **OIDC Well-known URL**: `https://gitlab.company/.well-known/openid-configuration` + - **OIDC JWKS URL**: `https://gitlab.company/oauth/discovery/keys` +3. Click **Finish** to save your settings. + +:::info Display new source on login screen +For instructions on how to display the new source on the authentik login page, refer to the [Add sources to default login page documentation](../../index.md#add-sources-to-default-login-page). +::: + +:::info Embed new source in flow :ak-enterprise +For instructions on embedding the new source within a flow, such as an authorization flow, refer to the [Source Stage documentation](../../../../../add-secure-apps/flows-stages/stages/source/). +::: + +## Source property mappings + +Source property mappings allow you to modify or gather extra information from sources. See the [overview](../../property-mappings/index.md) for more information. + +## Resources + +- [GitLab Docs - Configure GitLab as an OAuth 2.0 authentication identity provider](https://docs.gitlab.com/integration/oauth_provider/)
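Review bot: The redirect URI in step 2 of "GitLab configuration" hardcodes `gitlab` as its last path segment, but the requirement that this segment equal the source slug only appears later, in step 2 of "authentik configuration". A reader following the steps in order registers the URI before choosing a slug, and any slug other than `gitlab` will then no longer match what was registered in GitLab. Suggest adding the slug to the "Preparation" placeholders, or adding a line under **Redirect URI** stating that the trailing `gitlab` is the slug of the authentik source created in the next section. A smaller point in the same hunk: **URL settings** is marked "self-hosted GitLab instances only", while "Preparation" tells GitLab SaaS users to substitute `gitlab.com`. It would help to say explicitly what SaaS users should do with those five URL fields.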