Restrict/Control OAuth Application Connections for dotcom Enterprise Users
Details
Labels: customer, GitLab.com, Feature Request, GitLab Premium, type::feature, group::authentication
Current pain point
As a highly regulated company, we must control data access. In our environment, GitLab SaaS users are authenticated to the top-level group through an external single sign-on service. However, a user can freely add OAuth applications in their user settings. These applications have access to the user's GitLab resources and may be unknown to, and untrusted by, the company. We see this as increasing the risk of misuse or data loss.
Solution
We would like to authorise Enterprise Users wishing to connect to our protected top-level group only when the OAuth applications configured in their GitLab user settings are zero or more trusted applications, with no untrusted ones. To allow auditing and general usage reporting, we would also like to be able to read the OAuth applications in use by our connected Enterprise Users.
Why it is important to solve
The lack of technical controls in this area reduces our appetite to extend our GitLab SaaS usage to certain teams and services.