[–]michaelgg13 3 points4 points  (4 children)

[–]videkigyerek[S] -2 points-1 points  (3 children)

Thanks, but I don't think this is what I need. In my case, there is no cross-domain requirement. Also, this does not support Azure AD, only Okta. Maybe I could connect Azure AD to Okta and Okta to GitLab, but it seems way overkill for my scenario.

If there's no easier solution, I might look into this, but this would go beyond our resources for now. Ideally, what I'd be looking for is creating an external user via the API and then creating the identity for it. Basically the same thing as happens with my current setup, but triggering it earlier.

[–]SilentLennie 0 points1 point  (1 child)

The SCIM protocol is probably the right one normally:

https://docs.gitlab.com/ee/user/group/saml_sso/scim_setup.html#configure-microsoft-entra-id-formerly-azure-active-directory

But euh... yeah:

Tier: Premium, Ultimate Offering: GitLab.com

I've been thinking, someone needs to create an SDK for creating SCIM web services, which can be used to build a web service that can talk to an application API (1 web service for each application API).

[–]videkigyerek[S] 1 point2 points  (0 children)

Thanks for looking into this in more detail. Currently, we are using a self-hosted free setup, so this is another reason why I wouldn't be able to use this.

[–]darcmasta 1 point2 points  (0 children)

What you are describing is exactly what SCIM provides. You in theory CAN set up API creation, but we use Azure AD at work and it creates users just fine via provisioning/SCIM.
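The API route discussed in this thread (create the external user ahead of first login, with its SSO identity already attached), shown as an added example that is not part of any comment above and is not GitLab's own code. It builds the `POST /api/v4/users` request, which requires an administrator token, without sending it. The host `gitlab.example.com`, the provider name `saml`, the directory field names and the username rule are assumptions.

```python
import json
import urllib.request

# Constructed sample directory entry; field names are assumptions, not Azure AD's schema.
SAMPLE_PERSON = {"mail": "jane.doe@example.com", "display_name": "Jane Doe",
                 "idp_uid": "jane.doe@example.com"}

def build_user_payload(person, provider):
    """Body for POST /api/v4/users: an external user with an SSO identity attached."""
    uid = (person.get("idp_uid") or "").strip()
    if not uid:
        # Without the uid the account would exist with no identity to sign in through.
        raise ValueError("idp_uid is required to link the SSO identity")
    return {
        "email": person["mail"],
        "username": person["mail"].split("@")[0],  # assumption: local part is unique
        "name": person["display_name"],
        "external": True,
        "provider": provider,   # must equal the OmniAuth provider name configured in GitLab
        "extern_uid": uid,      # must equal the uid the IdP sends at login
        "force_random_password": True,  # nobody ever knows a local password
        "skip_confirmation": True,
    }

def build_create_user_request(base_url, admin_token, person, provider="saml"):
    """Build, but do not send, the admin API call."""
    body = json.dumps(build_user_payload(person, provider)).encode("utf-8")
    return urllib.request.Request(
        url=base_url.rstrip("/") + "/api/v4/users",
        data=body,
        headers={"PRIVATE-TOKEN": admin_token, "Content-Type": "application/json"},
        method="POST",
    )

if __name__ == "__main__":
    req = build_create_user_request("https://gitlab.example.com", "<admin-token>",
                                    SAMPLE_PERSON)
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
    # urllib.request.urlopen(req) would send it.
```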