How to configure GitLab integration with Encvoy ID

In this guide, you will learn how to set up single sign-on (SSO) in GitLab via the Encvoy ID system.

📌 GitLab is a web-based platform for managing projects and software code repositories, based on the popular Git version control system.

Setting up login via Encvoy ID consists of several key stages performed in two different systems.

• Step 1. Create application
• Step 2. Configure GitLab system
• Step 3. Verify integration

---

Step 1. Create application

1. Log in to the Encvoy ID system.

2. Create an application with the following settings:

3. Application Address - the address of your GitLab installation;

4. Redirect URL #1 (Redirect_uri) - <GitLab installation address>/users/auth/oauth2_generic/callback.

   🔍 For more details on creating applications, read the instructions.

5. Open the application settings and copy the values of the following fields:

   • Identifier (Client_id),
   • Secret key (client_secret).

---

Step 2. Configure GitLab system

Configuring user authorization for the GitLab service via Encvoy ID is done in the GitLab gitlab.rb configuration file, located in the service configuration folder (/config).

1. Open the gitlab.rb configuration file in edit mode and navigate to the OmniAuth Settings block.

2. Set the following values for the parameters:

       gitlab_rails['omniauth_enabled'] = true  
       gitlab_rails['omniauth_allow_single_sign_on'] = ['oauth2_generic', '<Encvoy IDSystemName>']  
       gitlab_rails['omniauth_block_auto_created_users'] = false  
   
       The value for gitlab_rails['omniauth_providers'] should look as follows:  
   
       gitlab_rails['omniauth_providers'] = [  
       {  
       'name' => 'oauth2_generic',   
       'app_id' => '<Client_id of the application created in Encvoy ID>',  
       'app_secret' => '<Client_secret of the application created in Encvoy ID>',  
       'args' => {  
       client_options: {  
       'site' => 'https://<Encvoy ID system address>/',  
       'authorize_url' => '/api/oidc/auth',  
       'user_info_url' => '/api/oidc/me',  
       'token_url' => '/api/oidc/token'  
       },  
       user_response_structure: {  
       root_path: [],  
       id_path: ['sub'],  
       attributes: { email:'email',  name:'nickname' },  
       },  
       scope: 'openid profile email',  
       'name' => '<Encvoy IDSystemName>’  
       }  
       }  
       ]  
   

   

3. Restart the GitLab service to apply the new settings.

4. If necessary, log in as an administrator to the GitLab service interface. Navigate to the settings path Admin (Admin Area) — Settings-General.

   On the page that opens, in the Sign-in restrictions block, check the box next to in the Enabled OAuth authentication sources sub-block.

   

---

Step 3. Verify integration

1. Open the GitLab login page.
2. Ensure that the Login via Encvoy ID button has appeared.

3. Click the button and log in using your corporate account:

4. The system will redirect you to the Encvoy ID authentication page.

5. Enter your corporate credentials.

   

6. After successful authentication, you should be redirected back to GitLab and automatically logged into your account.