Gitlab lab selective sign up - gitlab

I don't prefer to allow sign up to anyone in private gitlab instance until explicitly invited to projects in gitlab.
Is there any way to allow only those users to sign up to whom you send the invitation?
cheers,
ijaz

You can disable sign up, but you (as admin) would have to sign them up.
I'm not aware of any e-mail invitation system.
Andres

If you use LDAP or OmniAuth, you can block auto created users, and then you'd have only need to unblock each user you would like to allow.
(Note: you'd have to configure OmniAuth or LDAP)

Related

why can't i access gitlab with my github account?

tried to login with my github access, but once i tried, didn't work at all, it said
------->below the sentence
Sign-in failed because Email is not allowed for sign-up. Please use your regular email address. Check with your administrator..
tried to figure it out many times, but with my own, pretty hard. anybody know this thing?
it'd be grateful if you could help.
This is part of sign up restrictions:
Allow or deny sign ups using specific email domains
You can specify an inclusive or exclusive list of email domains which can be used for user sign up.
These restrictions are only applied during sign up from an external user. An administrator can add a user through the administrator panel with a disallowed domain. Also, note that the users can change their email addresses to disallowed domains after sign up.
Your GitHub access might be associated with a Github email, which is not allowed on your GitLab instance.

How to allow some specific users to login to Gitlab?

I have integrated my Gitlab server to my LDAP active directory on my internal network. I already have a JIRA server which is already integrated to this LDAP. I have used the same configuration/usergroup from JIRA in the Gitlab as well and my Gitlab is now successfully hooked to the LDAP.
Now i don’t want everyone who can login to Jira to login to the Gitlab account as well. I only want to allow some specific users.
Is there a settings in Gitlab configuration to achieve this thing?
Let me know if anyone can help on this. It will be hugely appreciated.
You have basically two options:
Allow all JIRA users to login but autoblock all signups with block_auto_created_users. Then you have to manually enable new users.
Use the user_filter option to restrict the users which are allowed to sign-up. Here you have two additional choices. You can filter based on the username or better create a group on your LDAP server and then check the group membership with the memberOf function.

Docusign - eNotary in Sandbox

I am using the sandbox account and trying to setup an eNotary Profile. Being that its a sandbox area, I would assume that I don't need a valid notary ID to create one.
Can someone help me setup a Notary Profile on my sandbox account?
QA Question Newly Added: Will ALL test users have to go through this same process? or is it just the main account needs it setup. Reason being, we have a client that will be using the system. For our teams, and their teams, we will need accounts to test this.
Added Image
I assume you are talking about IDV which is a special kind of recipient authentication that require them to use an ID before they can sign a document.
This feature is not available in the sandbox normally because there's cost associated with each transaction.
We may be able to assist you on a case-by-case basis if you have a legitimate need to test this functionality in the developer sandbox.
see https://developers.docusign.com/esign-rest-api/guides/concepts/recipient-authentication for more information about recipient authentication.
Setting up eNotary requires some back-end switches to be flipped on your account. Please open a Support Case requesting that be enabled and provide your Demo account ID.

Custom Users when using Jenkins Google Login Plugin

I am attempting to our company's Jenkins from the Jenkins user database + matrix based security to using Google Login Plugin and Role based strategy plugin to give us better control of our user accounts.
With this new set up I am wondering how I could go about creating a designated user which is used by scripts which trigger Jenkins jobs remotely. I would like to do this without having to add a user to our company's GSuite account as this costs a few $ per month. Before the switch to Google Login I could just create a user manually in the Jenkins user database and take the API token from there but since switching to Google Login there is no option to add a user (which makes sense given than the users are managed by Google now). At the moment it seems like I have to choose from:
Use the old approach and forget about authenticating through google. This is not a great result as we want to minimize the number of user accounts we have to set up for new people joining the company to overhead of onboarding.
Use Google Login Plugin and create a new dedicated "Jenkins" user in GSuite for these scripting / requirements. This costs money.
Use an existing users API Token to avoid the cost of a new Google User in our GSuite account. This seems like bad practice which I'll regret at some point.
Is there a workaround which doesn't require a designated GSuite user or repurposing an existing Google users credentials just for this purpose?
I did a similar research a while ago and it seems like there is no way to do so right now.
However, I'm using SAML plugin with GSuite instead of Google Login Plugin, but from Jenkins security perspective I assume they work in the same way.
When you're using such plugin, Jenkins creates a securityRealm in its config. In my case it is:
<securityRealm class="org.jenkinsci.plugins.saml.SamlSecurityRealm" plugin="saml#1.0.7">
Therefore, to have SAML and Jenkins security matrix work simultaneously, you have to have several security realms.
Here is a ticket, which describes this issue, but it's still open
Regards!
I was also looking at how to trigger builds remotely when using the Google Login Plugin.
I ended up using the "Build Token Root Plugin" which solved this problem, without any need to create a dedicated user for this.
This plugin offers an alternate URI pattern which is not subject to the usual overall or job read permissions. Just issue an Http GET or POST to buildByToken/build?job=NAME&token=SECRET. This URI is accessible to anonymous users regardless of security setup, so you only need the right token.
https://wiki.jenkins.io/display/JENKINS/Build+Token+Root+Plugin

Why GitLab has option to disable sign in?

I can't understand why GitLab has an option to disable the user to login on the site, can anyone give me an explanation?
If a user leaves our company we disable the account and delete the ssh key.
It is not unusual that you do not delete the user account if a user leaves the company, but you always disable the accounts.

Resources