Page-Specific Access Controls for External Users

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Problem Statement

Agencies and organizations need to showcase project progress to their customers using GitLab Pages without requiring customers to have GitLab accounts or interact with the GitLab interface. Currently, there's no way to provide page-specific authentication that bypasses GitLab's user management system while still maintaining security.

Use Case

An agency wants to use GitLab Pages with Parallel Deployments to:

• Display project progress to customers in real-time
• Allow customers to view specific pages without GitLab accounts
• Maintain security by controlling access to individual pages
• Avoid requiring customers to interact with any GitLab interface

Proposed Solutions

Option 1: Customizable Sign-in Screen (Easy Implementation)

• Enable a customizable sign-in screen when users are redirected from Pages
• Allow page-specific authentication flows
• Maintain current GitLab authentication backend but with custom UX

Option 2: Individual Page SSO Integration (Advanced Implementation)

• Provide scaffolding for customers to connect their own SSO flows to individual Pages sites
• Allow authentication token verification against stored keys rather than GitLab auth
• Enable completely custom authentication flows per page

Benefits

• Customer Experience: No GitLab account required
• Agency Flexibility: Can showcase work without technical barriers for clients
• Security: Maintains access control while simplifying user experience
• Business Value: Enables new use cases for GitLab Pages in client-facing scenarios

Technical Considerations

• Integration with existing Pages infrastructure
• Security implications of bypassing standard GitLab authentication
• Potential overlap with existing guest user functionality

Related Issues

• Part of broader Pages access control improvements