this post was submitted on 28 Oct 2023
2 points (100.0% liked)

Self-Hosted Main

515 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
communick@selfhosted.forum
2
SSO and IAM for self-hosted gitlab, mattermost, reviewboard (alien.top)
submitted 1 year ago by ww_pt@alien.top to c/main@selfhosted.forum
3 comments fedilink hide all child comments
 

Hey everyone,

Our small company has self-hosted Gitlab, Mattermost and Reviewboard. Currently there are separate logins for all of them. I'm looking for a self-hosted SSO solution that could help my colleagues with user management and also help all of us have less logins to worry about.One think I need is managing which user has access to which application. For example: Only some people should be able to access the Gitlab, but all should be able to access Mattermost.

I've already looked at the options and played with Zitadel and Logto but they don't seem to solve the access issues mentioned above (they have roles, but you can't block access to an application based on them as far as I tried - but please correct me if I'm wrong).

I've also looked at Keycloak and it seems to offer client roles which you can then add to users. I'm just not sure if they can be used for user access.

Did anyone have similar issue? How did/would you solve it?Thank you for your answers.

you are viewing a single comment's thread
view the rest of the comments
[–] gorbak25@alien.top 1 points 1 year ago

For your usecase if you are fine with proxying your apps via cloudflare I would recommend using cloudflare access, the UI is slow and sluggish but it's quick to set up and hassle free. Also key cloak can get the job done by making a separate realm per app, we did that at one of my previous jobs.