Hey everyone,
Our small company has self-hosted Gitlab, Mattermost and Reviewboard. Currently there are separate logins for all of them. I’m looking for a self-hosted SSO solution that could help my colleagues with user management and also help all of us have less logins to worry about.One think I need is managing which user has access to which application. For example: Only some people should be able to access the Gitlab, but all should be able to access Mattermost.
I’ve already looked at the options and played with Zitadel and Logto but they don’t seem to solve the access issues mentioned above (they have roles, but you can’t block access to an application based on them as far as I tried - but please correct me if I’m wrong).
I’ve also looked at Keycloak and it seems to offer client roles which you can then add to users. I’m just not sure if they can be used for user access.
Did anyone have similar issue? How did/would you solve it?Thank you for your answers.
You must log in or register to comment.
I’m using Authentik for SSO for a while and it has been great. It’s relatively easy to configure with many guides available.
I know Authentik supports managing access per role, it’s how it’s meant to be used. https://goauthentik.io/docs/applications#authorization
Seems they have a doc on setting it up with gitlab. https://goauthentik.io/integrations/services/gitlab/
For your usecase if you are fine with proxying your apps via cloudflare I would recommend using cloudflare access, the UI is slow and sluggish but it’s quick to set up and hassle free. Also key cloak can get the job done by making a separate realm per app, we did that at one of my previous jobs.