Ryfujk

Practical application of matrices and determinants

How to generate binary array whose elements with values 1 are randomly drawn

Do I need to be arrogant to get ahead?

What favor did Moody owe Dumbledore?

Have the tides ever turned twice on any open problem?

I got the following comment from a reputed math journal. What does it mean?

Hausdorff dimension of the boundary of fibres of Lipschitz maps

Relation between independence and correlation of uniform random variables

Why are there no stars visible in cislunar space?

Knife as defense against stray dogs

What (if any) is the reason to buy in small local stores?

Do native speakers use "ultima" and "proxima" frequently in spoken English?

Variable completely messes up echoed string

What is the significance behind "40 days" that often appears in the Bible?

PTIJ What is the inyan of the Konami code in Uncle Moishy's song?

Light propagating through a sound wave

In what cases must I use 了 and in what cases not?

How to define limit operations in general topological spaces? Are nets able to do this?

What can I do if I am asked to learn different programming languages very frequently?

In the 1924 version of The Thief of Bagdad, no character is named, right?

In Aliens, how many people were on LV-426 before the Marines arrived​?

Worshiping one God at a time?

Can a wizard cast a spell during their first turn of combat if they initiated combat by releasing a readied spell?

Recruiter wants very extensive technical details about all of my previous work

GitLab and OAuth to Azure AD

“User with an existing Microsoft account” cannot access app using Azure AD SSOReconcile Azure AD and On Prem AD using Azure AD SyncImitate Azure AD user/tenant claims within ADFSAzure VNet Peering across BizSpark subscriptionAzure AD; no global adminClose the authentication loop between local OneDrive clients and Azure ADIs there a way to create a user or change a password with on-prem AD and automatically force the Azure AD linked account to choose a new passwordSSO between gitlab and azure AD doesnt workAutomatically block Gitlab users, removed from LDAPAzure AD with Office 365 users and a NAS share

1

I've been tinkering with GitLab and Azure ActiveDirectory with OAuth and allowing AD users to connect to GitLab accounts. This is set up and works just fine. However, GitLab won't create users for AD users on the first login - they have to create a GitLab account first.

Is there a way to automatically allow AD users into GitLab without first creating an account and/or automatically creating the GitLab account for the AD user?

For reference, the relevant GitLab configuration:

 gitlab_rails['omniauth_enabled'] = true

 gitlab_rails['omniauth_allow_single_sign_on'] = ['azure']

 gitlab_rails['omniauth_external_providers'] = ['azure_oauth2']

 gitlab_rails['omniauth_block_auto_created_users'] = false

 gitlab_rails['sync_profile_from_provider'] = ['azure_oauth2']

 gitlab_rails['sync_profile_attributes'] = ['name', 'email']

 gitlab_rails['omniauth_providers'] = [

    {

      "name" => "azure_oauth2",

      "args" => {

        "client_id" => "my client id",

        "client_secret" => "my client secret",

        "tenant_id" => "my tenant id"

      }

    }

 ]

gitlab azure-active-directory oauth

share|improve this question

edited Sep 20 '17 at 8:46

Mr. Raspberry

3,423830

asked Sep 19 '17 at 17:46

RossRoss

1063

bumped to the homepage by Community♦ 6 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

add a comment | 

1

I've been tinkering with GitLab and Azure ActiveDirectory with OAuth and allowing AD users to connect to GitLab accounts. This is set up and works just fine. However, GitLab won't create users for AD users on the first login - they have to create a GitLab account first.

Is there a way to automatically allow AD users into GitLab without first creating an account and/or automatically creating the GitLab account for the AD user?

For reference, the relevant GitLab configuration:

 gitlab_rails['omniauth_enabled'] = true

 gitlab_rails['omniauth_allow_single_sign_on'] = ['azure']

 gitlab_rails['omniauth_external_providers'] = ['azure_oauth2']

 gitlab_rails['omniauth_block_auto_created_users'] = false

 gitlab_rails['sync_profile_from_provider'] = ['azure_oauth2']

 gitlab_rails['sync_profile_attributes'] = ['name', 'email']

 gitlab_rails['omniauth_providers'] = [

    {

      "name" => "azure_oauth2",

      "args" => {

        "client_id" => "my client id",

        "client_secret" => "my client secret",

        "tenant_id" => "my tenant id"

      }

    }

 ]

gitlab azure-active-directory oauth

share|improve this question

edited Sep 20 '17 at 8:46

Mr. Raspberry

3,423830

asked Sep 19 '17 at 17:46

RossRoss

1063

bumped to the homepage by Community♦ 6 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

add a comment | 

I've been tinkering with GitLab and Azure ActiveDirectory with OAuth and allowing AD users to connect to GitLab accounts. This is set up and works just fine. However, GitLab won't create users for AD users on the first login - they have to create a GitLab account first.

Is there a way to automatically allow AD users into GitLab without first creating an account and/or automatically creating the GitLab account for the AD user?

For reference, the relevant GitLab configuration:

 gitlab_rails['omniauth_enabled'] = true

 gitlab_rails['omniauth_allow_single_sign_on'] = ['azure']

 gitlab_rails['omniauth_external_providers'] = ['azure_oauth2']

 gitlab_rails['omniauth_block_auto_created_users'] = false

 gitlab_rails['sync_profile_from_provider'] = ['azure_oauth2']

 gitlab_rails['sync_profile_attributes'] = ['name', 'email']

 gitlab_rails['omniauth_providers'] = [

    {

      "name" => "azure_oauth2",

      "args" => {

        "client_id" => "my client id",

        "client_secret" => "my client secret",

        "tenant_id" => "my tenant id"

      }

    }

 ]

gitlab azure-active-directory oauth

share|improve this question

edited Sep 20 '17 at 8:46

Mr. Raspberry

3,423830

asked Sep 19 '17 at 17:46

RossRoss

1063

 gitlab_rails['omniauth_enabled'] = true

 gitlab_rails['omniauth_allow_single_sign_on'] = ['azure']

 gitlab_rails['omniauth_external_providers'] = ['azure_oauth2']

 gitlab_rails['omniauth_block_auto_created_users'] = false

 gitlab_rails['sync_profile_from_provider'] = ['azure_oauth2']

 gitlab_rails['sync_profile_attributes'] = ['name', 'email']

 gitlab_rails['omniauth_providers'] = [

    {

      "name" => "azure_oauth2",

      "args" => {

        "client_id" => "my client id",

        "client_secret" => "my client secret",

        "tenant_id" => "my tenant id"

      }

    }

 ]

share|improve this question

edited Sep 20 '17 at 8:46

Mr. Raspberry

3,423830

asked Sep 19 '17 at 17:46

RossRoss

1063

share|improve this question

edited Sep 20 '17 at 8:46

Mr. Raspberry

3,423830

asked Sep 19 '17 at 17:46

RossRoss

1063

edited Sep 20 '17 at 8:46

Mr. Raspberry

3,423830

edited Sep 20 '17 at 8:46

Mr. Raspberry

3,423830

asked Sep 19 '17 at 17:46

RossRoss

1063

asked Sep 19 '17 at 17:46

RossRoss

1063

1 Answer
1

active

oldest

votes

0

You need to specify the providers that will be allowed to create new accounts in the field allow_single_sign_on. You have set azure on this field, but the correct name of the provider is azure_oauth2. Setting the correct provider name should fix your problem.

share|improve this answer

answered Jan 3 '18 at 15:33

T.M.T.M.

101

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f874484%2fgitlab-and-oauth-to-azure-ad%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

You need to specify the providers that will be allowed to create new accounts in the field allow_single_sign_on. You have set azure on this field, but the correct name of the provider is azure_oauth2. Setting the correct provider name should fix your problem.

share|improve this answer

answered Jan 3 '18 at 15:33

T.M.T.M.

101

add a comment | 

0

You need to specify the providers that will be allowed to create new accounts in the field allow_single_sign_on. You have set azure on this field, but the correct name of the provider is azure_oauth2. Setting the correct provider name should fix your problem.

share|improve this answer

answered Jan 3 '18 at 15:33

T.M.T.M.

101

add a comment | 

You need to specify the providers that will be allowed to create new accounts in the field allow_single_sign_on. You have set azure on this field, but the correct name of the provider is azure_oauth2. Setting the correct provider name should fix your problem.

share|improve this answer

answered Jan 3 '18 at 15:33

T.M.T.M.

101

share|improve this answer

answered Jan 3 '18 at 15:33

T.M.T.M.

101

answered Jan 3 '18 at 15:33

T.M.T.M.

101

answered Jan 3 '18 at 15:33

T.M.T.M.

101