Gitlab hero border pattern left svg Gitlab hero border pattern right svg

System Access

Stage Manage
Maturity Complete
Content Last Reviewed 2023-02-14

Introduction and how you can help

Welcome to the System Access category page, which sits within the Authentication and Authorization group at GitLab. System Access is rather broad, but hopefully by the time you are done reading this page, you will have a much better idea of what it means to us.

There are many different entry points in the GitLab Ecosystem. The System Access category is all about maintaining those entry points and ensuring the users that authenticate through them are permitted to do so. We provide various tooling to make system access as secure and flexible as possible.

This direction page is a work in progress, and everyone can contribute:

Strategy and Themes

Authenticating with GitLab is considered a core component of the platform. Every product on the market provides some level of authentication. For GitLab, the base version of our authentication needs to be stronger than the advanced versions of authentication other products may have.


Two reasons come to mind: 1. Technically advanced user base, who has security at the forefront of their minds 2. We help our customers protect their most valuable asset: their intellectual property

We provide a wide array of authentication methods, and the associated methods for securing auth even further.

Authentication Methods


1 year plan

  1. Customizable Roles - The current 5 static roles that GitLab comes with out of the box are not flexible enough to meet the compliance and security needs of today's enterprise. We will be allowing admins / group owners to define their own roles, which will consist of permissions currently present in this table.

  2. FedRAMP compliance

  3. Service Accounts - will roll Group and Project Access tokens into a new concept called Service Accounts, which will be better attuned to the needs of integrations rather than human users. We have started laying the groundwork for Service Accounts with code in 15.9.

  4. Enterprise Users - Allow Administrators and Group Owners more control over their claimed users, including limiting their ability to change their e-mail address and delete company-owned intellectual property.

What is next for us

What we are currently working on

What we recently completed

What is Not Planned Right Now

Key Capabilities


Top [1/2/3] Competitive Solutions

Maturity Plan

Target Audience

Edit this page View source