Okta User SSO

This is a placeholder page. Please see the links below for any child pages that exist.

Okta SSO User Setup Guide

All GitLab team members have an Okta account created as part of the onboarding process.

New Team Member? You should already have an activation email in your personal email inbox.

Authentication

You can access the Okta dashboard by opening your web browser and visiting https://gitlab.okta.com. You should bookmark this page. 😄

If you visit a vendor’s website and choose to sign in with SSO, it will redirect you to Okta to sign in. If prompted for a company ID or similar, try gitlab.

Okta User Android Setup Guide

Google Workspace 2FA Prompts Missing

When adding my GitLab Google Workspace account to my Android device, the biometrics or security key verification never prompts after signing in to Okta.

When attempting to add a Google Workspace account to an Android device, Okta authentication proceeds in the Android’s embedded browser (WebView).

Since Okta does not support embedded web browsers for WebAuthn based verification, which causes an issue where nothing prompts you after you sign-in to Okta, so you cannot add the Google Workspace account to Android devices.

Okta User FAQ

Frequently Asked Questions

If you have a question that is not answered here, please ask in #it_help on Slack or create an issue in the Corporate Security Issue Tracker.

GitLab.com 2FA

Why does GitLab.com ask for an additional MFA when I login using Okta?

Your gitlab.com account will have 2FA installed as required by our policy.

Note that the 2FA for GitLab.com is different to the MFA you use to log into Okta.

Okta User iPhone Face ID Setup

These steps are for an iPhone, and may be slightly different for Android. If you are using an iPhone and receive a Developer or XCODE error, please upgrade to iOS 16+. We recommend enrolling a phone even if you don’t plan to use it often, in case you need a way to add a new computer or your credential gets accidentally removed on the computer.

  1. On the computer, if using Chrome, please check that it is on the latest version by visiting the URL chrome://settings/help - if a new version is available, please use the Relaunch button to restart the browser.

Okta User Linux Setup Guide

This is a placeholder page. Please see the links below for any child pages that exist.

Okta User Lockout (Password or 2FA) Guide

Instructions

  1. Ask for a Okta unlock (or 2FA reset) in the #it_help Slack channel or send an email to it-help@gitlab.com and ask for a 2FA Reset.

    If you do not have access to your work email account, you can send from your personal email address that is on file in Workday.

  2. Please be prepared to verify your identity.

  3. Once Okta 2FA has been reset, please reconfigure it by signing in to your Okta account and adding a new authenticator using Touch ID or YubiKey.

Okta User macOS Setup Guide

This method has been verified on Macs and Linux with Chrome. For Safari, it requires macOS Ventura 13+. Steps below for iPhone require iOS 16+, may be slightly different for Android.

  1. On the computer, log in with username and password
  2. On the computer, a popup appears to “Verify your identity with gitlab.okta.com”
  3. On the computer, choose “Use phone with a QR code”. This requires Bluetooth to be enabled on both the phone and the laptop, but doesn’t require pairing.
  4. On the mobile device, scan the code using the Camera app
  5. On the mobile device, click “Sign in with a Passkey”
  6. On the mobile device, a “Sign in” popup appears - “Do you want to sign in to “gitlab.okta.com” with your saved passkey for “xxxxx@gitlab.com”? Click Continue and provide biometric.
  7. On the computer, you will now be signed in to Okta.
  8. If applicable, follow the standard steps to enroll your Touch ID into Okta.

I don’t have an enrolled phone or computer but have a YubiKey

If both of previous devices are not available, you could use a YubiKey as another form of authentication (if you have one set one up). Use that to access your settings page and follow the steps above to enroll a new device.

Okta User Passkey Setup Guide

  1. With the 1Password browser extension installed, access the Settings page.

  2. In the ‘Security Methods’ section of the page, choose Set up or Set up another next to Security Key or Biometric.

  3. You may then be presented with another prompt to confirm if you wish to Set up another, followed by an Enroll prompt.

  4. After pressing Enroll, a prompt from your web browser will appear.

  5. From 1Password, you’ll see a pop up notification from 1Password with the options “New Item” or “Update Existing”. Select “Update Existing” and your Okta account to continue.

Okta User Provisioning

This is a placeholder page. Please see the links below for any child pages that exist.

Okta User SSO Guide (Touch ID 2FA Setup)

Overview

Configuration Steps

  1. While logged in to Okta from the device you wish to add, access the Settings page.

  2. In the ‘Security Methods’ section of the page, choose Set up or Set up another next to Security Key or Biometric.

  3. You will then presented with a password verification and passkey verification prompt.

  4. After pressing Set up twice, a prompt from your web browser will appear, or a 1Password prompt may appear. Click the thumb drive icon to bypass if it appears and you wish to save it in iCloud Keychain (recommended) or the local Chrome browser.

Okta YubiKey 2FA Guide

This is a placeholder page. Please see the links below for any child pages that exist.

Last modified July 1, 2024: Add Corporate Security handbook pages (b684cdaf)
View page source - Edit this page - please contribute. Creative Commons License