Allow guest access limited to domain whitelist
Release notes
Problem to solve
A very large organization would like to use gitlab.com. They want everything public to anyone logged in via the company domain, and private to all others.
This functionality would be possible if they self-hosted and made the root level org public. However, they want .com
Requirements:
- The company's group will be not be public to the world (private org).
- The company's group will be public to any user logged in with their company domain email.
- The company cannot be required to add or approve each employee.
- Each employee should be treated as a guest user, by default.
- Employee will auth into gitlab.com
- Employee has not been added as a direct member to any projects or groups, so does not use a license seat.
Intended users
- Parker (Product Manager)
- Delaney (Development Team Lead)
- Presley (Product Designer)
- Sasha (Software Developer)
- Devon (DevOps Engineer)
- Rachel (Release Manager)
- Simone (Software Engineer in Test)
- Allison (Application Ops)
- Priyanka (Platform Engineer)
- Dana (Data Analyst)
- Eddie (Content Editor)
User experience goal
GitLab should support enterprise scale organization access. Many large companies would like all employees to have guest (read only) access to all projects. This would mean they auth into gitlab.com but do not use a license seat, as they are not members in the project.
Proposal
Enable setting an org private by default but public to a specific domain, much as we can currently "Restrict membership by email domain"
Further details
Any large organization wanting to move to .com will need to be able to manage users at an enterprise level. Think in terms of https://gitlab.com/gitlab-com being open to the world, but as an enterprise I want my project open to the company.
Permissions and Security
Documentation
Availability & Testing
Available Tier
- Premium/Silver
- Ultimate/Gold