This guide applies to both self-hosted instances of GitLab and gitlab.com.
Once logged in to the Zitadel dashboard, change the organization to "Grafbase" from the top navigation. Navigate to "Settings", click "Identity Providers", then "Gitlab".
You will see a callback link, which you can already copy. Keep this tab open. Then navigate to GitLab, and in group settings, select "Applications" and create a new application. Insert the callback link you copied from Zitadel, and create the app with the following scopes: openid, profile, email.
GitLab will give you an application ID and secret. Copy these values, and go back to the Zitadel page where you copied the callback URL. Paste them in, tick the "Automatic creation" and "Automatic update" boxes, and create the provider.
You should now be able to sign in with GitLab in the Grafbase dashboard. On first sign-in, you will be prompted to create a new organization. Subsequent users will be able to log in with GitLab, but there is one last step to complete before they are also automatically added to your organization.
Go back to the Zitadel dashboard. Navigate to the Grafbase organization, then to "Settings", then "Verified domains". Add the domain name used by the user emails associated with the GitLab accounts you will use to log in.
In the Postgres database used by your Enterprise Platform deployment, there should be a single row in the accounts table. Update the value for the saml_domain column to match the domain you just configured in Zitadel.
Now, any time someone logs in to the dashboard and their email address matches the configured domain, they will automatically be added to your organization.
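One way to apply the database step above safely, as an added example that is not part of the original guide: the update runs inside a transaction and aborts unless the accounts table really contains exactly one row. The domain 'example.com' is a placeholder, and the script assumes the accounts table is reachable through the current search_path.

```sql
-- Added example. Replace 'example.com' (placeholder) with the domain
-- you verified in Zitadel. Run with psql against the Enterprise
-- Platform database.
BEGIN;

DO $$
DECLARE
    new_domain text := 'example.com';  -- placeholder value
    row_count  bigint;
BEGIN
    -- The guide expects a single row; refuse to write otherwise,
    -- since an unqualified UPDATE would touch every row.
    SELECT count(*) INTO row_count FROM accounts;
    IF row_count <> 1 THEN
        RAISE EXCEPTION
            'expected exactly one row in accounts, found %', row_count;
    END IF;

    UPDATE accounts SET saml_domain = new_domain;
END
$$;

-- Inspect the stored value before making the change permanent.
SELECT saml_domain FROM accounts;

COMMIT;  -- use ROLLBACK; instead if the value is not what you expect
```

Because every login with a matching email domain is added to the organization automatically, the value stored here should be a domain whose mailboxes you control and should match the verified domain in Zitadel exactly.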
Also see the Zitadel guide on using GitLab as an IdP.