Identity GitOps Architecture

We use Terraform with a GitOps CI/CD pipeline to manage configuration as code, covering every change that could otherwise be made by hand in an Admin UI. This moves all day-to-day administrative actions and global configuration into Terraform state, where each change is gated by MR approval rules and applied by CI/CD automation rather than by an individual administrator.

Architecture Diagram

The diagram shows the identity platform control plane, the identity providers and cloud organizations it covers, and the repository that manages each part:

- Identity Platform Control Plane
  - Okta
    - Okta Organization: gitlab.com
    - Terraform Okta GitOps: gitops.gitlab.black/tf/okta
      - Okta Applications
      - Okta Policies
      - Okta Settings
  - Google Cloud
    - GCP Organization: gitlab.com
      - Infrastructure Folder (GitLab SaaS Production), managed by the Infrastructure Department via ops.gitlab.net/gitlab-com/gl-infra/config-mgmt
    - Terraform GCP GitOps: gitops.gitlab.black/tf/gcp/{org}
      - GCP Organization: Dedicated Prod
      - GCP Organization: Dedicated Dev
  - AWS Identity Center SSO Permission Sets
    - Terraform AWS GitOps: gitops.gitlab.black/tf/aws/{org}
      - AWS Services Org
      - AWS Sandbox Org
      - AWS Dedicated Org
      - AWS Dedicated Dev Org
      - AWS Black Ops Org
      - Account per Service

AWS Configuration Management
GCP Configuration Management
Okta Configuration Management
The Okta repository (gitops.gitlab.black/tf/okta) manages configuration as code for every action that could otherwise be performed in the Okta Admin UI: applications, policies, and org-wide settings. This moves all day-to-day administrative actions and global configuration into Terraform state, where each change is gated by MR approval rules and applied by CI/CD automation.
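As an added illustration of what "an Admin UI action as code" looks like for the Okta, GCP and AWS repositories described above, here is a Terraform configuration that defines an Okta sign-on policy requiring MFA for an admin group. This is example code, not GitLab's own gitops repository contents; the group name, variable names, session values and the use of the GitLab HTTP state backend are assumptions made for the example.

```hcl
# Added example, not the project's own code. An Okta sign-on policy and rule
# that would normally be clicked together in Security > Authentication in the
# Admin UI, expressed so the change goes through an MR, a plan in CI, and an
# apply on merge to the default branch.
terraform {
  required_version = ">= 1.3"

  required_providers {
    okta = {
      source  = "okta/okta"
      version = "~> 4.0"
    }
  }

  # State is kept in GitLab's Terraform HTTP backend (assumed here). The
  # address, lock address and credentials are passed at `terraform init`
  # time via -backend-config or TF_HTTP_* variables, so nothing secret or
  # project-specific is committed to the repository.
  backend "http" {}
}

variable "okta_org_name" {
  type = string # e.g. "gitlab" (assumed; supplied by the pipeline)
}

variable "okta_api_token" {
  type      = string
  sensitive = true # supplied as a masked, protected CI variable (assumed)
}

provider "okta" {
  org_name  = var.okta_org_name
  base_url  = "okta.com"
  api_token = var.okta_api_token
}

# Look the group up instead of creating it: if the group is renamed or deleted
# out of band, the plan fails instead of silently scoping the policy to nobody.
data "okta_group" "admins" {
  name = "Okta Admins" # assumed group name
}

resource "okta_policy_signon" "admin_signon" {
  name            = "Admin Sign-On Policy"
  status          = "ACTIVE"
  description     = "Managed by Terraform; do not edit in the Admin UI"
  groups_included = [data.okta_group.admins.id]
}

resource "okta_policy_rule_signon" "admin_require_mfa" {
  policy_id          = okta_policy_signon.admin_signon.id
  name               = "Require MFA for admins"
  status             = "ACTIVE"
  access             = "ALLOW"
  mfa_required       = true
  mfa_prompt         = "SESSION"  # prompt once per session, not per login
  session_idle       = 60         # minutes; assumed values, tune per org policy
  session_lifetime   = 480
  network_connection = "ANYWHERE"
}
```

In the pipeline this implies, `terraform plan` runs on every merge request and its output is the artifact reviewers approve, while `terraform apply` runs only on the default branch after the MR is merged. A useful check on top of that, not stated on this page, is a scheduled `terraform plan -detailed-exitcode` against the same state: a non-zero exit means someone changed the policy in the Admin UI after all, and the drift shows up as a diff before the next MR unexpectedly reverts it.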