Okta User SSO

All GitLab team members have an Okta account created as part of the onboarding process. New Team Member? You should already have an activation email in your personal email inbox. Authentication You can access the Okta dashboard by opening your web browser and visiting https://gitlab.okta.com. You should bookmark this page. 😄 If you visit a vendor’s website and choose to sign in with SSO, it will redirect you to Okta to sign in.

Google Workspace 2FA Prompts Missing When adding my GitLab Google Workspace account to my Android device, the biometrics or security key verification never prompts after signing in to Okta. When attempting to add a Google Workspace account to an Android device, Okta authentication proceeds in the Android’s embedded browser (WebView). Since Okta does not support embedded web browsers for WebAuthn based verification, which causes an issue where nothing prompts you after you sign-in to Okta, so you cannot add the Google Workspace account to Android devices.

Frequently Asked Questions If you have a question that is not answered here, please ask in #it_help on Slack or create an issue in the Corporate Security Issue Tracker. GitLab.com 2FA Why does GitLab.com ask for an additional MFA when I login using Okta? Your gitlab.com account will have 2FA installed as required by our policy. Note that the 2FA for GitLab.com is different to the MFA you use to log into Okta.

These steps are for an iPhone, and may be slightly different for Android. If you are using an iPhone and receive a Developer or XCODE error, please upgrade to iOS 16+. We recommend enrolling a phone even if you don’t plan to use it often, in case you need a way to add a new computer or your credential gets accidentally removed on the computer. On the computer, if using Chrome, please check that it is on the latest version by visiting the URL chrome://settings/help - if a new version is available, please use the Relaunch button to restart the browser.

This is a placeholder page. Please see the links below for any child pages that exist.

Instructions Ask for a Okta unlock (or 2FA reset) in the #it_help Slack channel or send an email to it-help@gitlab.com and ask for a 2FA Reset. If you do not have access to your work email account, you can send from your personal email address that is on file in Workday. Please be prepared to verify your identity. Once Okta 2FA has been reset, please reconfigure it by signing in to your Okta account and adding a new authenticator using Touch ID or YubiKey.

This method has been verified on Macs and Linux with Chrome. For Safari, it requires macOS Ventura 13+. Steps below for iPhone require iOS 16+, may be slightly different for Android. On the computer, log in with username and password On the computer, a popup appears to “Verify your identity with gitlab.okta.com” On the computer, choose “Use phone with a QR code”. This requires Bluetooth to be enabled on both the phone and the laptop, but doesn’t require pairing.

With the 1Password browser extension installed, access the Settings page. In the ‘Security Methods’ section of the page, choose Set up or Set up another next to Security Key or Biometric. You may then be presented with another prompt to confirm if you wish to Set up another, followed by an Enroll prompt. After pressing Enroll, a prompt from your web browser will appear. From 1Password, you’ll see a pop up notification from 1Password with the options “New Item” or “Update Existing”.

This is a placeholder page. Please see the links below for any child pages that exist.

Overview Configuration Steps While logged in to Okta from the device you wish to add, access the Settings page. In the ‘Security Methods’ section of the page, choose Set up or Set up another next to Security Key or Biometric. You will then presented with a password verification and passkey verification prompt. After pressing Set up twice, a prompt from your web browser will appear, or a 1Password prompt may appear.

This is a placeholder page. Please see the links below for any child pages that exist.