This guide shows how to enable login with ZITADEL on self-hosted Gitlab instances.
It covers how to:
- create and configure the application in your ZITADEL project
- create and configure the connection in a self-hosted Gitlab instance
- existing ZITADEL Instance, if not present follow this guide
- existing ZITADEL Organization, if not present follow this guide
- existing ZITADEL project, if not present follow the first 3 steps here
- running Gitlab instance see installation guide
Create the Gitlab app
Go to the detail page of your project and click the "+"-button in the application-section. This will lead you to the the creation wizard.
Create the app by setting a name and select the application type "Web"
Select the authentication method
The authentication method defines the communication flow during a login
Use if your application needs client id and client secret
During the login flow the application defines where a user is redirected to after login or logout.
ZITADEL verifies if the URL the user gets redirected to is valid by checking if one of the redirect URIs match.
- Redirect URIs are verified during the login process.
- The default redirect uri of your app is
- Post Logout URIs are verified during the logout process.
The default redirect uri of your app is
Review your configuration
The last page of the stepper shows a summary of what will be created. After you have reviewed the configuration you can create the application.
Please make sure to safe the client id and secret for later use in the application.
Create key for private key JWT
Follow this guide of gitlab to configure the omniauth provider. Following is an example configuration with redacted secrets.
Replace the values of the following fields:
ClientIdgenerated by ZITADEL in the last step of [Create application in ZITADEL])()
ClientSecretgenerated by ZITADEL in the last step of [Create application in ZITADEL])()
args.client_options.redirect_uriwith the proper URL to your gitlab instance and callback
gitlab_rails['omniauth_providers'] = [
identifier: "<CLIENT ID from ZITADEL>",
secret: "<CLIENT SECRET from ZITADEL>",