Integrate GitLab with Zero Trust Network Access

In this topic, you will find general instructions on how to integrate GitLab with Portnox™ Zero Trust Network Access using the conditional access method.

Create a Portnox Cloud application configuration

In this step, you will create a configuration in Portnox Cloud that will contain all the information necessary to integrate with GitLab.

  1. In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/

    From now on, we will call this tab the Portnox tab.

  2. In the Cloud portal top menu, click on the Zero Trust Resources option.

  3. On the Resources screen, click on the Create resource button.

    1. In the What type of resource is this? section, select the SSO web resource option.
    2. In the Authentication protocol section, select the SAML option.
    3. Click on the Next button.

  4. Optional: If you have more than one SAML identity provider configured, select the identity provider in the Select an identity provider to use for this resource section.
  5. In the Resource details section, enter a Resource name and optionally a Description.

    In this example, we used the name GitLab for the new application configuration but you can use any name you like.

  6. Keep this browser tab open. You will need it later.

Open your GitLab SAML SSO settings

In this section, you will access your GitLab administrative interface and find the SAML single sign-on (SSO) settings.

  1. In another tab of your browser, open GitLab by accessing the following URL: https://gitlab.com/. Then, log in to your account.

    From now on, we will call this tab the GitLab tab.

  2. Go to the SAML SSO settings for the group that you administer.

    You can access your group’s SAML SSO settings in two ways:

    • Click: your profile picture > your name > Groups > your group, and from the left-hand menu, select the Settings > SAML SSO option.

    • Go to the following URL: https://gitlab.com/groups/<your_group>/-/saml, replacing <your_group> with the identifier of your group.

Copy configuration values from the Portnox tab to the GitLab tab

In this section, you will copy the values displayed by Portnox Cloud and paste them in the relevant fields in the GitLab SAML SSO setup section.

  1. In the Portnox tab, in the Service details section, click on the  ⧉  icon next to the Sign-In URL / SSO URL field to copy the value.

  2. In the GitLab tab, click on the empty field next to the Identity provider single sign-on URL label and paste the value copied from Portnox Cloud.

  3. In the Portnox tab, in the Certificates > Signing certificates section, click on the  ⋮  icon next to the Active certificate and select the Download certificate option to download the certificate to the local drive.

  4. Open the certificate in your operating system. Then, find and copy its thumbprint value.

    For example:

    • In Windows:
      1. Double-click on the downloaded certificate file and click on the Open button.

      2. In the Certificate window, go to the Details tab, scroll down the list to see the Thumbprint entry, click on it, and then double-click on the value in the field below and press the key combination CTRL + C to copy the value to the clipboard.

    • In macOS:
      1. Double-click on the downloaded certificate file and click on the View Certificates button.

      2. Click on the Details label to show certificate details.

      3. Scroll down to the Fingerprints section, mark the value of the SHA-1 field, and press the key combination Command + C to copy the value to the clipboard.

  5. In the GitLab tab, click on the empty field next to the Certificate fingerprint label and paste the value copied from your operating system.

Copy configuration values from the GitLab tab to the Portnox tab

In this section, you will copy the values displayed in your GitLab SAML SSO setup section, and paste them in the relevant fields in Portnox Cloud.

  1. In the GitLab tab, click on the  ⧉  icon next to the Assertion consumer service URL field.

  2. In the Portnox tab, in the Resource properties section, click on the empty field under the Assertion Consumer Service (ACS) URL / Reply URL heading and paste the value copied from GitLab.

  3. In the GitLab tab, click on the  ⧉  icon next to the Identifier field.

  4. In the Portnox tab, in the Resource properties section, click on the empty field under the Entity ID / Service Provider Entity URL heading and paste the value copied from GitLab.

Finalize the configuration

In this section, you will finalize the configuration in Portnox Cloud and GitLab.

  1. Finalize the configuration in the Portnox tab.
    1. Optional: In the Policy enforcement section, in the Device risk assessment section, change the setting to Override with custom policy and then select a risk assessment policy if you want to assess risk with this application using a custom risk assessment policy, and in the Access control section, change the setting to Override with custom policy and then select an access control policy if you want to control access to this application using a custom access control policy.
    2. Scroll all the way down to the end of the page, and then click on the Save and Close button.

  2. Finalize the configuration in the GitLab tab.
    1. Click on the Save changes button.

Result: You have configured GitLab to be accessible using Portnox Zero Trust Network Access.

Note: Single sign-on with Zero Trust Network Access will not be enforced for your personal account. It will be activated when you or your group members access the group. You can share the group’s single sign-on URL with your group members. This URL is specified in the GitLab single sign-on URL field, and has the following format: https://gitlab.com/groups/your_group/-/saml/sso?token=token_value.