# Self-Managed GitLab

## Ensure service account continuity <a href="#h_899746cec5" id="h_899746cec5"></a>

### Create a dedicated application user <a href="#h_729a2d46f2" id="h_729a2d46f2"></a>

Arnica's GitLab integration uses a GitLab-generated app password tied to a specified user. To prevent the token from being revoked when that user leaves, we recommend creating and integrating with a dedicated application user.

{% hint style="warning" %}
The created user will be visible to all developers as part of Arnica's interactions, such as comments on merge requests. Give the service account a recognizable name, such as `arnica-service-account`.
{% endhint %}

## Prerequisites

### Ensure network connectivity between Arnica and Self-Managed GitLab

Ensure that your on-premises GitLab instance is accessible to Arnica by configuring the necessary DNS and NAT rules.

### Grant Group permissions to the application user

1. Log in to GitLab and click on the required GitLab group.
2. Click on "Manage" -> "Groups"

   Or navigate to `https://gitlab.com/groups/[YOUR_GROUP]/-/group_members`
3. Click on `Invite Members`, type the username or email of the dedicated service account, select the `Owner` role, and click on `Invite`.

<figure><img src="https://4035514934-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMxc1Ek3qoIZi5t2Sx7do%2Fuploads%2Fgit-blob-5806fb83d8e81a300ed05eb5347f379da1ea2e35%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

4. Accept the invite as the dedicated service account.

{% hint style="warning" %}
If your environment consists of multiple groups, repeat the steps above for each group with the same user.
{% endhint %}

### Grant Admin Permissions to the application user

1. Log in to your Self-Managed GitLab
2. At the lower-left side of the screen, hit `Admin Area`
3. Under the `Overview` menu, hit `Users`
4. Locate the Arnica Integration user, and hit `Edit`
5. Scroll down, and under `Access level`, select **`Administrator`**
6. Hit `Save changes`

## Integration process

### Generate a Personal Access Token

1. Log in with the application user and navigate to the [Personal Access Tokens page](https://gitlab.com/-/user_settings/personal_access_tokens).
2. Click on `Create App Password` and assign the following settings to the token:

<figure><img src="https://4035514934-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMxc1Ek3qoIZi5t2Sx7do%2Fuploads%2Fgit-blob-d126966248184e06be73169c9fe10516b1aa2fb7%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

3. Remove token expiration by clicking on the "X" next to the Expiration Date.
4. Click on `Create personal access token`.
5. Copy the credentials into a temporary place to use them later in the integration process below.
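
Before handing the token to Arnica, you can confirm that it matches the steps above (Administrator access level, `Owner` on each group, no expiration date). The script below is an added example, not Arnica's code. It uses the GitLab REST API v4 endpoints `/user`, `/personal_access_tokens/self` and `/groups/:id/members/:user_id`, assumes the token's scopes allow those read calls, and uses hypothetical function names and constructed sample responses.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

OWNER = 50  # GitLab access_level value for the Owner role

def api_get(base_url, token, path):
    """GET a GitLab REST API v4 path; returns None on 404."""
    req = urllib.request.Request(f"{base_url.rstrip('/')}/api/v4{path}",
                                 headers={"PRIVATE-TOKEN": token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def check_setup(user, pat, memberships):
    """Return findings; empty means the setup matches the steps on this page."""
    # memberships maps group path -> direct-member record, or None if absent
    findings = []
    if not user.get("is_admin"):
        findings.append(f"{user.get('username')} is not an Administrator")
    if pat.get("user_id") != user.get("id"):
        findings.append("token belongs to a different user")
    if pat.get("revoked") or not pat.get("active"):
        findings.append("token is revoked or inactive")
    if pat.get("expires_at"):
        findings.append(f"token expires on {pat['expires_at']}")
    for group, member in sorted(memberships.items()):
        if not member or member.get("access_level", 0) < OWNER:
            findings.append(f"not a direct Owner of group {group}")
    return findings

def check_live(base_url, token, groups):
    """Fetch the facts from a live instance (assumes scopes allow these reads)."""
    user = api_get(base_url, token, "/user")
    pat = api_get(base_url, token, "/personal_access_tokens/self")
    members = {g: api_get(base_url, token,
                          f"/groups/{urllib.parse.quote(g, safe='')}/members/{user['id']}")
               for g in groups}
    return check_setup(user, pat, members)

# Constructed sample responses (not from a real instance)
SAMPLE_USER = {"id": 42, "username": "arnica-service-account", "is_admin": True}
SAMPLE_PAT = {"user_id": 42, "active": True, "revoked": False, "expires_at": None}
SAMPLE_MEMBERS = {"platform": {"access_level": 50}, "mobile": None}
```

Call `check_live` with your instance's base URL, the new token and the group paths you invited the user to; read the token from an environment variable or secret store rather than the command line.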

### Integrate

1. Navigate to the [Integrations page](https://app.arnica.io/#/admin/integrations) in Arnica and click on `GitLab`.
2. Click on the `Access Token` tab.
3. Fill in the token from the step above.
4. Click on `Validate` to ensure that the token works properly and then click on `OK`.

{% hint style="info" %}
Arnica will integrate with all groups associated with this user. Arnica's default policies include scan-only functionality. While scanning will begin immediately, developers will not see any impact until Arnica's policies are updated to take actions.
{% endhint %}
