I'm setting up OmniAuth on my self-managed GitLab. I have a SAML provider set up on Authentik. The SSO is working correctly.
I would like all users in the Authentik-managed group to be in the GitLab users database. I currently have to wait for a user to log in to GitLab before I can assign them to any project. It would be useful to assign users to projects directly from GitLab before they log in to GitLab.
Is there any possibility to sync the users directly from the GitLab OmniAuth config?
GitLab also has an LDAP synchronization for users and groups. Does that mean I also have to set up the LDAP integration in my gitlab.rb?
My gitlab.rb configuration looks like this:
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_providers'] = [
  {
    name: 'saml',
    label: 'authentik'
  }
]
I tried the following values without success:
gitlab_rails['omniauth_auto_link_ldap_user'] = false
gitlab_rails['omniauth_auto_link_user'] = ['saml']