Prerequisites
- The Owner role in your Claude organization to create an Access bundle; an Admin can add credentials to a bundle that already exists.
- Permission in GitLab to create a user (or a service account on tiers that offer it) and to add that user to the groups or projects Claude should reach.
- An Access bundle to hold the credential. Create one first if you haven’t already.
Create a dedicated GitLab account for Claude
Create a GitLab user that exists only for Claude, for exampleclaude@yourcompany.example.com. On GitLab Premium or Ultimate, a service account is the cleanest fit because it is clearly non-human. On other tiers, a regular user works the same way; treat it as a bot seat.
Set the account’s display name and avatar to whatever you want teammates to see on Claude’s comments and issue activity.
Grant the account access to your groups and projects
Add the service account as a member of each GitLab group or project Claude should work in. Granting at the group level is usually simpler than adding it to projects one at a time, and it means new projects in that group are reachable without another grant. The role you grant determines which API calls succeed. Grant the lowest role that covers what you want Claude to do: reading code and browsing issues and merge requests needs less than creating issues, posting review comments, or acting on pipelines. See GitLab’s permissions reference for what each role allows.Generate a personal access token
Create a personal access token for the account. For a GitLab.com service account, create the token from the group’s service account settings or through the API; for a regular bot user, sign in as it and create the token from its profile. The token starts withglpat-.
Set an expiry that matches your rotation policy, and store the token somewhere you can retrieve it once; GitLab shows it only at creation.
Group access tokens and project access tokens also work in the same field. The service-account approach is recommended because one token covers every group you add the account to, and the identity on comments and issues is yours to name. A group or project token is scoped to that single group or project and appears under a GitLab-generated bot name.
Add the token to an Access bundle
1
Open the bundle's Credentials tab
At
claude.ai/admin-settings/claude-tag, open Access bundles, click into the bundle, and go to Credentials.2
Connect GitLab
Click Connect next to GitLab and paste the token into Personal access token.
3
Attach the GitLab plugin
If your organization’s plugin marketplace includes a GitLab plugin, add it on the bundle’s Plugins tab so Claude knows how to call the GitLab API. See Attach plugins. The connection works without the plugin, which adds ready-made workflows.
Self-managed GitLab
Self-managed GitLab instances are supported when reachable from the public internet. In the Connect GitLab form, open the Advanced tab and add your instance’s hostname under Allowed websites;gitlab.com is preset for GitLab SaaS. An instance on a private network without a public address can’t be connected.
Verify GitLab access
- GitLab is listed under the bundle’s Credentials tab.
- In a channel under the bundle’s scope,
@Claude what can you access from this channel?returns GitLab. - In that same channel, ask Claude to list the open issues in one of your GitLab projects. Claude returns them without prompting for credentials.
Related resources
- Connect GitLab: the credential field reference and how GitLab differs from GitHub
- Give Claude access: the full credential and bundle reference
- Configure GitHub access: the GitHub App path, which is different