You can set up Single Sign-on (SSO) with GitLab SaaS or a self-hosted GitLab for your team. This section helps you to create an OIDC application with GitLab. The Client ID, Client Secret, and Issuer URL of this OIDC application are required to setup SSO in Ona. See the Step-by-step guide for the general instructions.

Prerequisites

As prerequisites you will need the following:
  • If you are setting up SSO with a self-hosted GitLab, make sure you have Admin permissions on that GitLab installation, or work together with the administrator.
  • If you are setting up SSO with GitLab SaaS (gitlab.com), it is advised to create the OIDC application in a group, so please make sure you have Group Admin permissions on that group.

Create an OIDC application

The OIDC application allows you to integrate with Ona.
  1. Navigate to Groups > My Awesome Group > Settings > Applications (for SaaS) or Admin Area > Application (for self-hosted).
  2. Click the Add new application button.
GitLab - Add new application GitLab - Add new application
  1. Configure the OIDC application by filling out the form:
    • Name: Ona
    • Redirect URI: https://app.gitpod.io/auth/oidc/callback
    • Confidential: Yes
    • Scopes:
      • read_user
      • openid
      • profile
      • email
      Then click the Save Application button.
GitLab - Application scopes GitLab - Application scopes
  1. Obtain the Client ID & Client Secret from the following confirmation screen, which you’ll need for the Ona SSO configuration in the following step. This is how to interpret the information:
    • Application ID: Client ID
    • Secret: Client Secret
GitLab - Application secret GitLab - Application secret
  1. Which Issuer URL to use?
    • For self-hosted GitLab: https://your-gitlab-installation.org
    • For GitLab Saas: https://gitlab.com
  2. Continue with the SSO configuration in Ona: Clicking Save & Test