GitLab Single-Sign-On

Single-Sign-On can be configured with the following services.

GitLab

Follow these steps to configure Mattermost to use GitLab as a single-sign-on (SSO) service for team creation, account creation and sign-in.

  1. Login to your GitLab account and under Profile Settings go to Applications.

  2. Add a new application called “Mattermost” with the following as Redirect URIs:

    • <your-mattermost-url>/login/gitlab/complete (example: http://localhost:8065/login/gitlab/complete)
    • <your-mattermost-url>/signup/gitlab/complete

    Note: If your GitLab instance is set up to use SSL, your URIs must begin with https://. Otherwise, use http://.

  3. Submit the application and copy the given Id and Secret into the appropriate GitLabSettings fields in config/config.json

  4. Also in config/config.json, set Enable to true for the gitlab section, leave Scope blank and use the following for the endpoints:

    • AuthEndpoint: https://<your-gitlab-url>/oauth/authorize (example https://example.com/oauth/authorize)
    • TokenEndpoint: https://<your-gitlab-url>/oauth/token
    • UserApiEndpoint: https://<your-gitlab-url>/api/v3/user

    Note: Make sure your HTTPS or HTTP prefix for endpoint URLs matches your server configuration.

  5. (Optional) If you would like to force all users to sign-up with GitLab only, in the ServiceSettings section of config/config.json set DisableEmailSignUp to true.

  6. Restart your Mattermost server to see the changes take effect.

Notes: