To enable the Authentiq OmniAuth provider for passwordless authentication you must register an application with Authentiq.
Authentiq will generate a Client ID and the accompanying Client Secret for you to use.
Get your Client credentials (Client ID and Client Secret) at Authentiq.
On your GitLab server, open the configuration file:
For omnibus installation
sudo editor /etc/gitlab/gitlab.rb
For installations from source:
sudo -u git -H editor /home/git/gitlab/config/gitlab.yml
See Initial OmniAuth Configuration for initial settings to enable single sign-on and add Authentiq as an OAuth provider.
Add the provider configuration for Authentiq:
For Omnibus packages:
gitlab_rails['omniauth_providers'] = [
{
"name" => "authentiq",
"app_id" => "YOUR_CLIENT_ID",
"app_secret" => "YOUR_CLIENT_SECRET",
"args" => {
scope: 'aq:name email~rs aq:push'
}
}
]
For installations from source:
- { name: 'authentiq',
app_id: 'YOUR_CLIENT_ID',
app_secret: 'YOUR_CLIENT_SECRET',
args: {
scope: 'aq:name email~rs aq:push'
}
}
The scope
is set to request the user's name, email (required and signed), and permission to send push notifications to sign in on subsequent visits. See OmniAuth Authentiq strategy for more information on scopes and modifiers.
Change 'YOUR_CLIENT_ID' and 'YOUR_CLIENT_SECRET' to the Client credentials you received in step 1.
Save the configuration file.
Reconfigure or restart GitLab for the changes to take effect if you installed GitLab via Omnibus or from source respectively.
On the sign in page there should now be an Authentiq icon below the regular sign in form. Click the icon to begin the authentication process.
If everything goes right, the user will be returned to GitLab and will be signed in.