1Password
This is a placeholder page. Please see the links below for any child pages that exist.
CorpSec Systems and Tech Stack
The Corporate Security department provides configuration management engineering and tech support helpdesk services for team members and temporary service providers (aka contractors, vendors, etc.) for the company-wide systems that we manage. The systems directory provides a list of all of our systems with quick reference links to administration runbooks, end user documentation, issue templates, mentionable groups, and tags that are used in GitLab epics, issues, and merge requests.
Cross-Department System Owners
As GitLab has grown organically, several departments and functional groups have their own System Administrators (“System Owners”) that handle day-to-day management of the tech stack applications that are specific to that department or functional group, within the framework of organization-wide compliance, infrastructure, and security best practices. Each tech stack application at GitLab has a System Owner that is the DRI for handling the implementation and day-to-day operational support for the team members that utilize that application (in their department or functional group). This has an added benefit of preventing the traditional IT department from being a bottleneck and allows each department to self-service as part of GitLab’s efficiency for the right group subvalue.
- Customer Success Operations
- Customer Support Operations
- (Business Intelligence) Data Team
- Engineering Infrastructure (Reliability SREs)
- Engineering Productivity
- Enterprise Applications
- Marketing Operations
- People Connect
- People Group Engineering
- Sales Systems
CorpSec Systems Directory
The Corporate Security department provides configuration management engineering and tech support helpdesk services for team members and temporary service providers (aka contractors, vendors, etc.) for the company-wide systems that we manage.
Access Check (accesschk)
This is a placeholder page. Please see the links below for any child pages that exist.
Access Control (access.gitlab.systems)
This is a placeholder page. Please see the links below for any child pages that exist.
Amazon Web Services (AWS)
This is a placeholder page. Please see the links below for any child pages that exist.
Apple macOS
This is a placeholder page. Please see the links below for any child pages that exist.
Azure
This is a placeholder page. Please see the links below for any child pages that exist.
Backblaze
Backblaze is a tool that might be deployed to backup data on your GitLab-owned device. It is not installed by default on company devices. Backblaze will only be installed if specifically requested by the Legal and People Ops teams for the purpose of a legal hold or investigation. The installation and use of Backblaze will be conducted in accordance with all applicable laws and regulations, including data protection and privacy laws. Deployment of Backblaze to a team member’s device will remove the current requirement for a departing team member on Legal Hold to send their laptop to a CorpSec team member for imaging before the laptop is wiped.
Demo Systems
This is a placeholder page. Please see the Customer Success Demo Systems handbook page.
GitLab Product Administration for Internal Team Members and Temporary Service Providers
This is a placeholder page. Please see the links below for any child pages that exist.
Google is considered a platform and the various features and functionality are on their own pages.
HackyStack (Sandbox Cloud)
This is a placeholder page. Please see the Sandbox Cloud handbook page.
Jamf MDM
This is a placeholder page. Please see the links below for any child pages that exist.
Laptop VPN for Public Networks and System Administration
Overview
NordLayer is our supported VPN (Virtual Private Network) platform for GitLab Team Members.
The use of NordLayer is optional, however it is recommended when working on guest networks or public Wi-Fi. In other words, you should connect to the VPN to secure your laptop’s traffic anytime that you’re not at home. That could be at a co-working location, an airport, a coffee shop or on a guest network at a customers office.
Linux Desktop OS
This is a placeholder page. Please see the links below for any child pages that exist.
Lumos
Lumos is an Identity Governance and Administration platform. It allows GitLab to consolidate and automate access requests, just-in-time access, access reviews, license tracking, and shadow IT discovery.
Microsoft Windows
This is a placeholder page. Please see the links below for any child pages that exist.
Nira (Google Drive Security) User Guide
Nira guide for end users on Nira functionality. If you are a Nira admin, this guide can provide some guidance, but is not all encompassing of admin functionality.
Okta Workforce Identity and SSO
Overview
Okta is an Identity and Single Sign On solution for SaaS applications and Cloud platforms that is used for accessing most applications at GitLab. This allows us to consolidate authentication and authorization to applications we use daily through a single dashboard and ensure a consistent, secure and auditable login experience for all our GitLab team members.
Quick Links
- 👀 Okta Access Requests
- Okta Applications
- Okta Groups
- Okta Users
- Okta Verify (Device Trust)
- Okta Workflows (No Code Automation)
- Vendor Docs - Okta Documentation
Benefits
- Application Owners
- Automated user provisioning and group management
- Ability to transparently manage shared credentials to web applications without disclosing the credentials to users
- Centralized access for users, making it easy to add, remove and change the application profile without the need to update all users.
- Business Security Benefits
- Enable Zero-Trust based authentication controls upon our assets, so that we can allow authorized connections to key assets with a greater degree of certainty.
- Manage the login process to the 80+ and growing cloud applications that we use within our tech stack.
- Manage the provisioning and deprovisioning process for our users to access these application, by use of automation and integration into our HRIS system.
- Make trust and risk based decisions on authentication requirements to key assets, and adapt these to ensure a consistent user experience.
- User Benefits
- Single Dashboard with all the applications you need in a single place.
- Managed SSO and Multi-Factor Authentication that learns and adapts to your login patterns, making life simpler to access the applications you need.
- Transparent security controls with a friendly user experience.
- Improved 2FA user experience.
SentinelOne Endpoint Detection and Response (EDR)
Overview
We use SentinelOne for endpoint (team member laptop) detection and response (EDR) at GitLab.
All macOS, Windows and Linux devices used by GitLab Team Members for the purposes of fulfilling the responsibilities of their role as a GitLab Team Member are required have the SentinelOne EDR agent installed and functioning.
The use of a Windows endpoint requires a specific business reason and an approved exception as the use of a Windows endpoint is prohibited.
Slack
This is a placeholder page. Please see the links below for any child pages that exist.
Training Systems
This is a placeholder page. Please see the links below for any child pages that exist.
Yubikey User Guide
A YubiKey provides two factor authentication (2FA) and cryptographic key storage capabilities that are used by Engineering, Product, and Security teams at GitLab.
Zoom
This is a placeholder page. Please see the links below for any child pages that exist.
Last modified November 8, 2024: Replace g_production_engineering slack channels (
9f1db6e6)
