Authentiq OmniAuth Provider

To enable the Authentiq OmniAuth provider for passwordless authentication, you must register an application with Authentiq.

Authentiq generates a Client ID and the accompanying Client Secret for you to use.

  1. Get your Client credentials (Client ID and Client Secret) at Authentiq.

  2. On your GitLab server, open the configuration file:

    For Omnibus installations:

    sudo editor /etc/gitlab/gitlab.rb
    

    For installations from source:

    sudo -u git -H editor /home/git/gitlab/config/gitlab.yml
    
  3. Edit the common configuration file settings to add authentiq as a single sign-on provider. This enables Just-In-Time account provisioning for users who do not have an existing GitLab account.

  4. Add the provider configuration for Authentiq:

    For Omnibus packages:

    gitlab_rails['omniauth_providers'] = [
      {
        name: "authentiq",
        # label: "Provider name", # optional label for login button, defaults to "Authentiq"
        app_id: "<your_client_id>",
        app_secret: "<your_client_secret>",
        args: {
          "scope": 'aq:name email~rs address aq:push'
        }
      }
    ]
    

    For installations from source:

    - { name: 'authentiq',
        # label: 'Provider name', # optional label for login button, defaults to "Authentiq"
        app_id: '<your_client_id>',
        app_secret: '<your_client_secret>',
        args: {
               scope: 'aq:name email~rs address aq:push'
              }
      }
    
  5. The scope is set to request the:
    • User’s name.
    • Required and signed email.
    • Permission to send push notifications to sign in on subsequent visits.

    See OmniAuth Authentiq strategy for more information on scopes and modifiers.

  6. Change <your_client_id> and <your_client_secret> to the Client credentials you received from Authentiq.

  7. Save the configuration file.

  8. For the changes to take effect:

On the sign-in page there should now be an Authentiq icon below the regular sign-in form. Select the icon to begin the authentication process. If the user:

  • Has the Authentiq ID app installed on their iOS or Android device, they can:
    1. Scan the QR code.
    2. Decide what personal details to share.
    3. Sign in to your GitLab installation.
  • Does not have the app installed, they are prompted to download the app and then follow the previous procedure.

If everything works, the user is returned to GitLab and is signed in.
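
To review what the scope string in step 4 asks users to share before you deploy it, the following added Ruby example (not code from GitLab or the Authentiq strategy) splits the scope into items and modifiers and flags anything the steps above do not describe. The helper names are hypothetical, and reading `~r` as required and `~s` as signed is an assumption drawn from this page's description of `email~rs`.

```ruby
# Added example, not part of GitLab or the omniauth-authentiq gem.
# Assumption: in a token "name~mods", "r" = required and "s" = signed,
# as implied by the page describing `email~rs` as "required and signed email".
MODIFIERS = { "r" => :required, "s" => :signed }.freeze

# Scope items that the setup steps on this page describe.
DOCUMENTED = {
  "aq:name" => "user's name",
  "email"   => "email address",
  "aq:push" => "push notifications for subsequent sign-ins"
}.freeze

ScopeItem = Struct.new(:name, :flags, :unknown_modifiers, :documented)

# Split a scope string into items with their modifier flags.
def parse_scope(scope)
  scope.to_s.split(/\s+/).reject(&:empty?).map do |token|
    name, mods = token.split("~", 2)
    letters = mods.to_s.chars
    flags = letters.map { |c| MODIFIERS[c] }.compact.uniq
    unknown = letters.reject { |c| MODIFIERS.key?(c) }
    ScopeItem.new(name, flags, unknown, DOCUMENTED.key?(name))
  end
end

# Return findings worth a second look before the configuration is saved.
def review_scope(scope)
  items = parse_scope(scope)
  findings = []
  items.each do |item|
    findings << "#{item.name}: not described in the setup steps, confirm it is needed" unless item.documented
    item.unknown_modifiers.each { |m| findings << "#{item.name}: unrecognised modifier '#{m}'" }
  end
  email = items.find { |i| i.name == "email" }
  if email.nil?
    findings << "email: not requested"
  elsif !(email.flags.include?(:required) && email.flags.include?(:signed))
    findings << "email: requested without both required and signed modifiers"
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Scope string taken from the provider configuration on this page.
  puts review_scope("aq:name email~rs address aq:push")
end
```

Run against the page's scope, the only finding is `address`, which the configuration requests but the list in step 5 does not mention.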