Self-Hosted Main

515 readers

1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

Service: Dropbox - Alternative: Nextcloud
Service: Google Reader - Alternative: Tiny Tiny RSS
Service: Blogger - Alternative: WordPress

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

Awesome-Selfhosted List of Software
Awesome-Sysadmin List of Software

founded 1 year ago

MODERATORS

communick@selfhosted.forum

SSO and IAM for self-hosted gitlab, mattermost, reviewboard (alien.top)

submitted 1 year ago by ww_pt@alien.top to c/main@selfhosted.forum

3 comments fedilink hide all child comments

Hey everyone,

Our small company has self-hosted Gitlab, Mattermost and Reviewboard. Currently there are separate logins for all of them. I'm looking for a self-hosted SSO solution that could help my colleagues with user management and also help all of us have less logins to worry about.One think I need is managing which user has access to which application. For example: Only some people should be able to access the Gitlab, but all should be able to access Mattermost.

I've already looked at the options and played with Zitadel and Logto but they don't seem to solve the access issues mentioned above (they have roles, but you can't block access to an application based on them as far as I tried - but please correct me if I'm wrong).

I've also looked at Keycloak and it seems to offer client roles which you can then add to users. I'm just not sure if they can be used for user access.

Did anyone have similar issue? How did/would you solve it?Thank you for your answers.

top 3 comments

sorted by: hot top controversial new old

[–] dud3@feddit.de 1 points 1 year ago

I'm using Authentik for SSO for a while and it has been great. It's relatively easy to configure with many guides available.

[–] indykoning@alien.top 1 points 1 year ago

I know Authentik supports managing access per role, it's how it's meant to be used. https://goauthentik.io/docs/applications#authorization

Seems they have a doc on setting it up with gitlab. https://goauthentik.io/integrations/services/gitlab/

[–] gorbak25@alien.top 1 points 1 year ago

For your usecase if you are fine with proxying your apps via cloudflare I would recommend using cloudflare access, the UI is slow and sluggish but it's quick to set up and hassle free. Also key cloak can get the job done by making a separate realm per app, we did that at one of my previous jobs.