The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.
Group | Authentication |
---|---|
Stage | Software Supply Chain Security |
Group | Authentication |
Content Last Reviewed | 2024-12-02 |
Thanks for visiting the direction page for Authentication in GitLab.
We've previously been called the "Access" team and the "Authentication and Authorization" team. Our focus has narrowed, and we are now the "Authentication" team.
If you'd like to have influence on what the group is working on, the best way to help is to comment on individual issues if they are of interest, and tag @hsutor
, Product Manager, so she sees your message.
We are on a mission to empower GitLab system administrators with the toolkit they need to create their desired balance of security and accessibility for their GitLab experience.
Authentication is the first impression any new customer has when they configure their shiny new GitLab instance, and we aim to make it as seamless as possible: from that moment of first logging in, to onboarding users, to managing the basic security rules for their instance.
We recognize that authentication is more than a shiny frontend. It is comprised of elecements that are foundational to keeping resources secure but accessible.
No matter the size of a company, for an authentication strategy to function, it must be secure, flexible, and scalable.
Our objective, as a team, is to enable GitLab administrators to strike their desired balance between security and accessibility for their users.
The primary audience for Auth is administrators in medium to large enterprises. These are privileged, sophisticated users in companies managing employee identities with a single source of truth; this may be a series of LDAP servers or an IDaaS service like Okta, Azure AD, or GSuite.
Our audience cares deeply about security, and is well-versed in all of the areas of the platform where authentication loopholes exist. They are often under tremendous scrutiny to meet various compliance and audit standards from organizations outside their own.
They expect ease of use in terms of onboarding, offboarding, and maintaining control over their users, particularly in an Enterprise context.
We recognize that every user that works in GitLab needs to authenticate, so this experience must be secure and scalable for everyone. Our target persona is administrators who implement identity, but end users of identity our are customers, too.