CorpSec Services

This is a placeholder page. Please see the links below for any child pages that exist.

Access Requests are owned by the Corporate Security Helpdesk team. All onboarding, offboarding and role change (career mobility) requests are owned by the People Connect Team.

If you have any access requests related questions, please reach out to #it_help in Slack or the tool provisioner in Slack.

• FAQs
• Baseline Entitlements
• Temporary service providers access requests and onboarding

Issue Trackers

• Team Members (use this by default): Access Request Issue Tracker
• Temporary Service Providers: Lifecycle Issue Tracker
• Employment Onboarding: Employment Issue Tracker
• Employment Career Mobility: Employment Issue Tracker
• Employment Offboarding: Employment Issue Tracker

Team Member Issue Templates

• Specific Application Requests (use Individual or Bulk Person Access Request if not listed)
  • Slack, Google Group, 1Password Groups or Vaults
  • PagerDuty
  • Tableau
  • ZenDesk Federal Customer Creation
• Standard Access Requests
  • (Use this by default) Individual or Bulk Person Access Request: One or multiple people requesting access to systems
    • Create one issue for one or multiple people to get access to the same system
    • Create one issue for one person to get access to multiple systems (checklist)
    • Create multiple issues (one per system) to grant multiple people to the each (same) system
    • When access is being requested for multiple people who report to different managers but are part of the same department or division, approval can be obtained by the manager at the highest level (ex. Director, Vice President, Division E-Group Leader). Comment approval by cross-functional managers is sufficient since only one manager can apply the approved label.
  • Access Change Request: Remove or change the level of access to an application/system/distro (non-urgent change).
  • Access Reviews
• Infrastructure
  • New AWS Account (Individual) - self service using Sandbox Cloud (powered by HackyStack)
  • New AWS Account (Group/Team/Service)
  • Add IAM Users to AWS Account
  • New GCP Project (Individual) - self service using Sandbox Cloud (powered by HackyStack)
  • New GCP Project (Group/Team/Service)
  • Add IAM Users to GCP Project
• Sysadmin (BLACK) Account Requests
  • Admin BLACK Account Creation
  • Admin BLACK Account Role - 1Password
  • Admin BLACK Account Role - AWS
  • Admin BLACK Account Role - Google Workspace
  • Admin BLACK Account Role - Okta
• Special Use Case Access Requests
  • Name Change Request
  • Shared Account Access Request
  • External access to Greenhouse through Okta
• Demo Accounts and Licenses
  • Shared Omnibus Instance - powered by Demo Systems
  • GitLab SaaS Ultimate License for User Account
  • GitLab SaaS Ultimate License for (Demo/Test) Group
  • GitLab Self Managed License
• Service Accounts
  • GitLab.com SaaS Service Account Requests - Admin only, not needed for group/project tokens
  • GCP or Google Workspace API/Service Account Requests
  • Okta Admin Service Account Requests for apps, groups, and users
  • Other Service Account (App to App)
  • Other API Token Request
• Tech Stack
  • Okta new application setup
  • Add application to tech stack
  • Update tech stack metadata
  • Update tech stack provisioner
  • Remove application from tech stack

Role Based Entitlements

• Role based entitlements are a pre-approved set of permissions that are granted to all people in a role. Make sure that whatever set of permissions you are adding to these templates should be granted to anyone with that role.

This is a placeholder page. Please see the links below for any child pages that exist.

Need Help?

Visit the Corporate Security Support and/or Corporate Security Systems handbook page to get help.

This page provides the “what” and links to the services that we provide and our internal processes. The support page provides the “how” that you will find helpful.

Overview

We have 24x5 coverage provided by Helpdesk Support Analysts that can help you with access requests, account lockouts, authentication issues, laptop hardware, laptop software configuration problems, 1:1 training for unfamiliar technologies, and triage problems for any Corporate Security Systems.

This is a placeholder page. Please see the links below for any child pages that exist.

Overview

Many services that team members use such as Slack and Zoom have mobile applications that can be loaded onto iOS or Android devices, allowing for use of those resources from a mobile phone. Refer to the acceptable use policy for more information on using a mobile device.

Most major applications (Slack, Zoom, Okta Verify) have been examined and vetted by the Security Team, but there are some applications which are not only of limited scope in the data they can access, but also have security issues. In such cases, use the mobile device’s web browser for access to the resource. If you have a question about the security of a mobile app and want to know if you should be using it to access GitLab data, review the security tips on this page or contact the Security Team via Slack in the #security channel.

This is a placeholder page. Please see the links below for any child pages that exist.

The Corporate Security Helpdesk provides day-to-day support and handles the provisioning of accounts, hardware, and software for new team members (aka employees), temporary service providers (aka contractors), and any external collaborators (aka customers, partners, and vendors).

If you need any help with onboarding that isn’t answered in the handbook or you’re overwhelmed, simply ask in the #it_help Slack channel.

Related Services

• External Collaborators (Customers, Partners, Vendors)
• Team Members (Employees)
  • Access Requests
  • Career Mobility (Role Changes)
  • Laptops
  • Offboarding
• Temporary Service Providers (Contractors)
  • Contractors (Temporary Service Providers)
  • Laptops

Overview

At GitLab, we use the term onboarding to refer to the first few weeks after a team member was hired and enabling you to be productive. The onboarding processes are cross-functionally managed with Corporate Security, People Operations, and Security Assurance.

This is a placeholder page. Please see the links below for any child pages that exist.

Overview

Do not configure email forwarding of company emails (@gitlab.com) to a non-company email address.

Acceptable Use Policy - Unacceptable Email and Communications Activities

This is a placeholder page. Please see the links below for any child pages that exist.

This is a placeholder page. Please see the links below for any child pages that exist.

Purpose

This page displays different pieces of information surrounding GitLab laptop procurement and management.

Scope

At GitLab, we use centralized laptop management for company-issued laptops. If you are in possession of a company-issued laptop, the details below apply to you. However, not all endpoint management technologies GitLab deploys will be required for Apple, Linux, and Windows laptops. Some technologies may be specific to the hardware platform or operating system.

This is a placeholder page. Please see the links below for any child pages that exist.

This is a placeholder page. Please see the links below for any child pages that exist.