group features
GitLab Ultimate Group-Level Features - Complete Guide
Last Updated: 2026-01-08 GitLab Version: 18.x series Tier: Ultimate (with Premium features noted)
Table of Contents
- Introduction to Groups
- Plan Menu
- Code Menu
- Build Menu
- Secure Menu
- Deploy Menu
- Operate Menu
- Monitor Menu
- Analyze Menu
- Manage Menu
- Settings Menu
Introduction to Groups
Groups in GitLab serve as containers for organizing related projects and provide portfolio management capabilities. They enable collaboration across multiple projects and offer enterprise-level features for managing teams, security, and compliance.
Group Hierarchy
- Top-level groups: Can contain projects and subgroups
- Subgroups: Can nest up to 20 levels deep
- Projects: Leaf nodes in the group tree
Key Benefits
- Centralized Management: Manage members, settings, and permissions across multiple projects
- Portfolio Visibility: Track work across all projects in a group
- Shared Resources: Share runners, variables, and configurations
- Enterprise Features: Access compliance, security dashboards, and advanced planning tools
Group vs Project Features
Some features are only available at the group level:
- Epics (Premium/Ultimate)
- Roadmaps (Premium/Ultimate)
- Security Dashboard (Ultimate)
- Compliance Management (Ultimate)
- Contribution Analytics (Premium/Ultimate)
Plan Menu
Issues
Path: Plan > Issues
Purpose: Aggregate view of issues across all group projects.
Key Features:
- View all issues from all projects in group
- Filter by project, label, milestone, assignee
- Search across all group issues
- Bulk edit issues
- Export issues list
- Create issues in any project
Group-Specific Capabilities:
- Cross-project issue views
- Group-level labels
- Group-level milestones
- Epic relationships visible
Best Practices:
- Use group labels for cross-cutting concerns
- Create group milestones for coordinated releases
- Regular grooming of cross-project issues
- Establish labeling conventions at group level
Common Pitfalls:
- Mixing project and group labels
- Inconsistent issue tracking across projects
- Not leveraging group-level views
- Duplicate issues across projects
Integration Points:
- Links to epics
- Feeds group-level analytics
- Group milestones and iterations
- Value stream analytics
Epic Boards
Path: Plan > Epic boards (Premium/Ultimate)
Purpose: Visual workflow management for epics across the group.
Key Features:
- Kanban-style board for epics
- Customizable lists (labels, assignees)
- Drag and drop epics between lists
- Filter by label, author, milestone
- Multiple boards per group
- WIP limits per list
List Types:
- Open (all open epics)
- Closed (all closed epics)
- Label lists
- Assignee lists
Best Practices:
- Create boards for different strategic initiatives
- Use WIP limits to prevent overcommitment
- Regular epic grooming sessions
- Align board workflow with strategic planning
Common Pitfalls:
- Too many lists on single board
- Not moving epics through workflow
- Creating epics without clear objectives
- Boards not reflecting actual work status
Integration Points:
- Linked to child issues and epics
- Roadmap visualization
- Portfolio management
- Strategic planning
Epics
Path: Plan > Epics (Premium/Ultimate)
Purpose: Track large initiatives spanning multiple issues and projects.
Key Features:
- Hierarchical epic structure (nested epics up to 7 levels)
- Group issues from multiple projects
- Start and end dates
- Progress tracking (% complete)
- Labels and milestones
- Assignees (multiple in Ultimate)
- Time tracking
- Health status (On track, Needs attention, At risk)
- Confidential epics
Epic Hierarchy:
Epic (Level 1)
Sub-epic (Level 2)
Issue
Issue
Sub-epic (Level 2)
Sub-epic (Level 3)
Issue
Issue
Key Metrics:
- Total issues vs closed issues
- Start and end dates
- Time tracking rollup
- Health status indicator
Best Practices:
- Break down strategic objectives into epics
- Use nested epics for complex initiatives
- Set realistic start/end dates
- Track health status regularly
- Link related epics
- Use epic templates for consistency
Common Pitfalls:
- Epics too broad or too narrow
- Not updating epic status
- Missing start/end dates
- Too deep nesting (hard to manage)
- Epics without clear success criteria
Integration Points:
- Child issues across projects
- Roadmap visualization
- OKRs (objectives and key results)
- Value stream analytics
- Portfolio dashboards
Roadmap
Path: Plan > Roadmap (Premium/Ultimate)
Purpose: Timeline visualization of epics and milestones.
Key Features:
- Gantt-style timeline view
- Epics displayed by start/end dates
- Milestone markers
- Zoom levels (quarters, months, weeks)
- Filter by epic, label, milestone, author
- Color-coded by epic
- Drag to adjust dates
- Expand/collapse epic hierarchy
Timeline Views:
- Quarters (strategic planning)
- Months (release planning)
- Weeks (sprint planning)
Roadmap Filters:
- Label (show only specific themes)
- Milestone (align with releases)
- Author (by creator)
- Your epics (assigned to you)
- Confidential (show/hide)
Best Practices:
- Keep roadmap updated with actual dates
- Use quarters for long-term planning
- Color-code by strategic theme
- Share roadmap with stakeholders
- Regular roadmap review sessions
- Align with release schedule
Common Pitfalls:
- Dates never updated (stale roadmap)
- Too many epics (cluttered view)
- No clear themes or color coding
- Roadmap disconnected from execution
- Not communicating changes
Integration Points:
- Epics drive roadmap
- Milestones shown as markers
- Links to issues and projects
- Executive reporting
- Portfolio management
Milestones
Path: Plan > Milestones
Purpose: Group-level milestones shared across all projects.
Key Features:
- Create group milestones
- Visible to all projects in group
- Track issues and MRs across projects
- Burndown charts (Premium/Ultimate)
- Progress percentage
- Start and due dates
- Description and metadata
Group Milestones vs Project Milestones:
- Group: Shared across all group projects
- Project: Specific to single project
Best Practices:
- Use group milestones for coordinated releases
- Name consistently (e.g.,
v0.3.x,Q1 2026) - Set realistic completion dates
- Track cross-project dependencies
- Close milestones when complete
Common Pitfalls:
- Mixing group and project milestone purposes
- Creating duplicate milestones
- Not closing completed milestones
- Milestones without clear scope
Integration Points:
- Issues and MRs from all projects
- Roadmap display
- Release planning
- Value stream analytics
- Burndown tracking
Iterations
Path: Plan > Iterations (Premium/Ultimate)
Purpose: Group-level iteration cadences for agile planning.
Key Features:
- Iteration cadences at group level
- Automatic iteration creation
- Fixed duration sprints
- Start and end dates
- Assign issues to iterations
- Burnup/burndown charts
- Velocity tracking
- Cross-project sprint planning
Cadence Configuration:
- Title and description
- Start date
- Duration (1-4 weeks typical)
- Iterations in advance (auto-create)
- Roll over issues option
Best Practices:
- Define cadences at group level for consistency
- Use automated cadences for regular sprints
- Track velocity across iterations
- Don't overcommit iteration capacity
- Regular iteration retrospectives
- Cross-team sprint planning
Common Pitfalls:
- Inconsistent iteration lengths
- Not using cadences
- Moving too much work between iterations
- Multiple cadences causing confusion
- No velocity tracking
Integration Points:
- Issues assigned to iterations
- Issue boards show iteration swimlanes
- Burndown/burnup charts
- Velocity and volatility metrics
- Value stream analytics
OKRs
Path: Plan > OKRs (Ultimate)
Purpose: Objectives and Key Results for strategic goal tracking.
Key Features:
- Create objectives at group level
- Define key results under objectives
- Track progress (0-100%)
- Assign to users/teams
- Link to issues and epics
- Hierarchical OKR structure
- Progress visualization
- Time-bound (quarterly typical)
OKR Hierarchy:
Objective
Key Result 1
Key Result 2
Key Result 3
OKR Structure:
- Objective: Qualitative goal (e.g., "Improve platform reliability")
- Key Result: Quantitative measure (e.g., "Reduce P1 incidents to <5/month")
Key Features:
- Objectives can have up to 100 child OKRs
- Key results cannot have children
- Progress tracked automatically or manually
- Assignees (multiple in Ultimate)
- Due dates and milestones
- Health status
Best Practices:
- Set quarterly OKRs
- Align team OKRs with company objectives
- Make key results measurable
- Regular check-ins (weekly/bi-weekly)
- Link issues and epics to OKRs
- Celebrate achievements
Common Pitfalls:
- Too many OKRs (focus on 3-5)
- Key results not measurable
- Set and forget (no tracking)
- No alignment across teams
- OKRs not linked to actual work
Integration Points:
- Links to issues and epics
- Progress from child work items
- Portfolio dashboards
- Executive reporting
- Strategic planning
Wiki
Path: Plan > Wiki
Purpose: Group-level documentation wiki.
Key Features:
- Group-wide documentation
- Same features as project wikis
- Separate Git repository
- Markdown, AsciiDoc, RDoc, Org
- Version control
- Clone and edit locally
- Sidebar navigation
Best Practices:
- Use for group-wide policies
- Document team processes
- Architecture decision records
- Onboarding documentation
- Cross-project guides
Common Pitfalls:
- Duplicate content with project wikis
- No clear organization
- Outdated content
- Not leveraging for group knowledge
Integration Points:
- Separate from project wikis
- Group-level access control
- Global search
- Can reference projects/issues
Code Menu
Merge Requests
Path: Code > Merge requests
Purpose: Aggregate view of all merge requests across group projects.
Key Features:
- View all MRs in group
- Filter by project, author, reviewer, label
- Sort by various criteria
- See approval status (Premium/Ultimate)
- Bulk actions
- Export MR list
Group-Specific Views:
- Cross-project MR visibility
- Group-level approval rules (Ultimate)
- Security and compliance insights
- Code review analytics
Best Practices:
- Monitor open MRs regularly
- Ensure timely reviews
- Track review SLAs
- Balance workload across reviewers
Common Pitfalls:
- Long-lived open MRs
- Bottlenecks in review process
- Inconsistent review standards
- Not leveraging group analytics
Integration Points:
- Code review analytics
- Productivity analytics
- Compliance tracking
- Security scanning results
Repository
Path: Code > Repository
Purpose: Group-level repository insights (limited functionality).
Note: Most repository features are project-specific. This view provides aggregated statistics.
Build Menu
Runners
Path: Build > Runners
Purpose: Manage group-level CI/CD runners.
Key Features:
- Register group runners
- Available to all group projects
- Tag-based job assignment
- Manage runner configuration
- View runner activity
- Pause/activate runners
- Token management
Runner Types at Group Level:
- Group runners: Available to all projects in group
- Shared runners: Instance-wide (if enabled)
- Project runners: Project-specific (managed in projects)
Runner Configuration:
- Tags for job matching
- Lock to current projects
- Runner description
- Maximum job timeout
- Access level (all projects or selected)
Best Practices:
- Use group runners for common build environments
- Tag runners clearly (e.g.,
docker,kubernetes,mac) - Monitor runner utilization
- Regular runner updates
- Secure runner registration tokens
Common Pitfalls:
- Overloaded runners
- Insufficient runners for workload
- Security risks with shared runners
- Outdated runner versions
- Poor tag naming
Integration Points:
- Execute CI/CD jobs
- Shared across group projects
- Cost allocation
- Runner statistics
Secure Menu
Security Dashboard
Path: Secure > Security dashboard (Ultimate)
Purpose: Unified view of security posture across all group projects.
Key Features:
- Vulnerability trends over time
- Severity distribution
- Project-level breakdown
- Scanner type breakdown
- Most vulnerable projects
- Recent security activity
- Filter by time period
Dashboard Sections:
Vulnerability Trends
- Critical, high, medium, low over time
- Trend lines for each severity
- Compare time periods
Projects with Most Vulnerabilities
- Ranked list of projects
- Vulnerability counts per project
- Quick links to project reports
Scanners
- Breakdown by scanner type (SAST, DAST, etc.)
- Scanner coverage across projects
- Missing scanners highlighted
Best Practices:
- Review dashboard weekly
- Track trends, not just totals
- Prioritize high-vulnerability projects
- Ensure scanner coverage
- Set remediation goals
Common Pitfalls:
- Only looking at totals
- Not acting on trends
- Missing scanner coverage
- No accountability for remediation
- Dashboard not shared with stakeholders
Integration Points:
- Aggregates project vulnerability reports
- Links to project-level details
- Compliance reporting
- Executive dashboards
Vulnerability Report
Path: Secure > Vulnerability report (Ultimate)
Purpose: Detailed list of all vulnerabilities across group.
Key Features:
- All vulnerabilities from all projects
- Filter by severity, project, scanner, status
- Sort by various attributes
- Bulk actions (dismiss, resolve)
- Create issues from vulnerabilities
- Export vulnerability data
- Activity stream
Filtering Options:
- Severity (Critical, High, Medium, Low, Info)
- Project (specific or all)
- Scanner type
- Status (Detected, Confirmed, Dismissed, Resolved)
- Activity (Has issue, Does not have issue)
Best Practices:
- Triage vulnerabilities daily
- Prioritize by severity and exploitability
- Create issues for confirmed vulnerabilities
- Document dismissal reasons
- Track mean time to remediate
- Regular security review meetings
Common Pitfalls:
- Overwhelming backlog
- Dismissing without review
- No triage process
- Not tracking remediation time
- Missing critical vulnerabilities
Integration Points:
- Security scanning in projects
- Issue creation and tracking
- Compliance frameworks
- Audit logging
- Risk scoring
Dependency List
Path: Secure > Dependency list (Ultimate)
Purpose: Group-level Software Bill of Materials (SBOM).
Key Features:
- All dependencies across all projects
- License information
- Known vulnerabilities per dependency
- Filter by project, license, vulnerability status
- Search dependencies
- Export SBOM data
- CycloneDX format support
Dependency Information:
- Package name and version
- Projects using dependency
- License type
- Known vulnerabilities
- Direct vs transitive
- Package manager
Best Practices:
- Regular dependency audits
- Track license compliance
- Update vulnerable dependencies
- Standardize dependencies across projects
- Maintain approved dependency list
Common Pitfalls:
- Duplicate dependencies across projects
- Inconsistent versions
- License violations
- No update process
- Ignoring transitive dependencies
Integration Points:
- Dependency scanning from projects
- License compliance
- Vulnerability tracking
- Compliance reporting
- SBOM exports
Compliance
Path: Secure > Compliance (Ultimate)
Purpose: Comprehensive compliance management and oversight.
Sub-sections:
Compliance Center
- Overall compliance status
- Framework adherence
- Projects out of compliance
- Violation trends
- Compliance score
Compliance Frameworks
- Create and manage frameworks
- Apply frameworks to projects
- Framework requirements
- Default compliance framework
- Enforcement policies
Compliance Projects
- Projects by compliance status
- Framework coverage
- Compliance gaps
- Remediation tracking
Compliance Violations
- Current violations
- Violation history
- Severity and impact
- Resolution tracking
- Audit trail
Compliance Frameworks:
- Define compliance requirements
- Enforce pipeline configuration
- Security policy enforcement
- Approval requirements
- Apply to multiple projects
Best Practices:
- Define clear compliance frameworks
- Apply frameworks consistently
- Regular compliance audits
- Track violations promptly
- Document compliance decisions
- Automate compliance checks
Common Pitfalls:
- Frameworks too complex
- No clear ownership
- Violations not tracked
- Manual compliance checking
- Frameworks not enforced
Integration Points:
- Security policies
- Pipeline enforcement
- Approval rules
- Audit events
- Compliance reporting
Audit Events
Path: Secure > Audit events (Premium/Ultimate)
Purpose: Group-level audit log for security and compliance.
Key Features:
- Comprehensive audit trail
- Filter by user, event type, date
- Export audit logs
- Stream to external systems (Ultimate)
- Retained indefinitely
- Includes all group and project events
Tracked Events:
- User management (add/remove)
- Permission changes
- Settings modifications
- Project changes
- Compliance activities
- Security policy changes
- Access token usage
- 100+ event types
Streaming Destinations (Ultimate):
- HTTP endpoint
- Google Cloud Logging
- Amazon S3
- Splunk
- Custom integrations
Best Practices:
- Enable audit streaming (Ultimate)
- Regular audit log reviews
- Set up alerts for critical events
- Integrate with SIEM
- Compliance reporting from audits
- Document investigation procedures
Common Pitfalls:
- Not reviewing audit logs
- No streaming to SIEM
- Missing critical events
- No alerting configured
- Audit logs not used in investigations
Integration Points:
- All group and project activities
- External SIEM systems
- Compliance reporting
- Security investigations
- Access reviews
Credentials Inventory
Path: Secure > Credentials inventory (Ultimate)
Purpose: Track all credentials (SSH keys, tokens) across group.
Key Features:
- View all SSH keys by user
- Personal access tokens
- Project access tokens
- Deploy keys
- Deploy tokens
- Filter by user, expiration
- Identify stale credentials
Credential Types:
- Personal access tokens
- Project access tokens
- Group access tokens
- SSH keys
- Deploy keys
- Deploy tokens
Best Practices:
- Regular credential audits
- Enforce expiration dates
- Revoke unused credentials
- Rotate credentials regularly
- Monitor for unauthorized access
Common Pitfalls:
- Long-lived credentials
- No expiration dates
- Stale credentials not revoked
- Overly permissive scopes
- No rotation policy
Integration Points:
- User management
- Access control
- Audit logging
- Compliance tracking
- Security policies
Deploy Menu
Package Registry
Path: Deploy > Package registry
Purpose: Group-level package registry for shared packages.
Key Features:
- All packages from group projects
- Group-level packages (shared)
- Filter by project, type
- Package versions
- Download statistics
- Delete packages
- Virtual registry (Ultimate)
Supported Package Types:
- npm
- Maven
- PyPI
- NuGet
- Composer
- Conan
- RubyGems
- Terraform modules
- Generic packages
Group Registry Benefits:
- Share packages across all projects
- Centralized package management
- Consistent versioning
- Reduced duplication
Best Practices:
- Use group registry for shared libraries
- Semantic versioning
- Cleanup old versions
- Document package usage
- Access control per package
Common Pitfalls:
- Duplicate packages in projects
- No cleanup policy
- Inconsistent versioning
- Missing documentation
- Overly permissive access
Integration Points:
- CI/CD publishing
- Project dependencies
- Vulnerability scanning
- License compliance
- Usage analytics
Container Registry
Path: Deploy > Container registry
Purpose: Group-level container image storage.
Key Features:
- All container images from group projects
- Group-level images
- Tag management
- Cleanup policies
- Vulnerability scanning
- Size and usage stats
Best Practices:
- Use group registry for base images
- Cleanup policies for old tags
- Scan images for vulnerabilities
- Use multi-stage builds
- Document image usage
Common Pitfalls:
- No cleanup policy
- Using :latest in production
- Not scanning images
- Large image sizes
- Inconsistent tagging
Integration Points:
- CI/CD image builds
- Container scanning
- Kubernetes deployments
- Deployment tracking
- Storage management
Operate Menu
Terraform States
Path: Operate > Terraform states (Premium/Ultimate)
Purpose: Group-level Terraform state management.
Key Features:
- All Terraform states from group projects
- State locking
- State versioning
- Access control
- Audit state changes
Best Practices:
- Centralize state management
- Use state locking
- Regular state backups
- Restrict state access
- Audit state changes
Common Pitfalls:
- State per project instead of group
- No access control
- Not using locking
- No backup strategy
Integration Points:
- Terraform backend
- CI/CD infrastructure automation
- Audit logging
- Access control
Kubernetes
Path: Operate > Kubernetes (Premium/Ultimate)
Purpose: Group-level Kubernetes cluster management.
Key Features:
- Connect multiple clusters
- GitLab Agent for Kubernetes
- Shared clusters across projects
- Cluster monitoring
- Agent health status
Best Practices:
- Use GitLab Agent (not certificates)
- One agent per cluster
- Group-level clusters for shared environments
- Monitor agent health
- GitOps workflows
Common Pitfalls:
- Using deprecated certificate method
- Agents not monitored
- No cluster organization
- Missing GitOps setup
Integration Points:
- Project deployments
- CI/CD automation
- Environment tracking
- Auto DevOps
Monitor Menu
Incidents
Path: Monitor > Incidents
Purpose: Group-level incident tracking.
Key Features:
- All incidents from group projects
- Filter by project, severity, status
- Incident timelines
- Escalation visibility
- Cross-project incident trends
Best Practices:
- Centralized incident response
- Shared on-call schedules
- Group-level post-mortems
- Track MTTR across group
Common Pitfalls:
- Siloed incident response
- No group-level visibility
- Inconsistent incident practices
- Missing post-mortems
Integration Points:
- Project incidents
- Alert management
- DORA metrics
- On-call schedules
Analyze Menu
Value Streams Dashboard
Path: Analyze > Value streams dashboard (Ultimate)
Purpose: Executive dashboard for software delivery performance.
Key Features:
- DORA metrics across group
- Custom metrics and dashboards
- Trend visualization
- Compare time periods
- Filter by project, label, milestone
- Export dashboard data
DORA Metrics:
- Deployment frequency
- Lead time for changes
- Change failure rate
- Time to restore service
Dashboard Panels:
- DORA metrics tiles
- Trend charts
- Comparison views
- Custom metric panels
Best Practices:
- Review weekly with leadership
- Track trends over time
- Set improvement goals
- Share with stakeholders
- Drill into bottlenecks
Common Pitfalls:
- Only looking at metrics, not improving
- Comparing teams unfairly
- Gaming metrics
- No action on insights
Integration Points:
- Value stream analytics
- Project data aggregation
- Executive reporting
- Goal tracking
Value Stream Analytics
Path: Analyze > Value stream analytics (Premium/Ultimate)
Purpose: Measure and optimize delivery performance across group.
Key Features:
- Custom value streams
- Stage-level metrics
- DORA metrics
- Filter by project, label, author
- Historical trends
- Bottleneck identification
- Cycle time analysis
Default Stages:
- Issue Commit
- Commit Merge
- Merge Deploy
- Deploy Production
Custom Value Streams:
- Define stages specific to workflow
- Set stage start/end events
- Track custom metrics
- Compare value streams
Best Practices:
- Create value streams per product line
- Track stage times regularly
- Identify and address bottlenecks
- Compare across teams carefully
- Continuous improvement focus
Common Pitfalls:
- Using only default value stream
- Not acting on bottlenecks
- Unfair team comparisons
- Gaming metrics
- No baseline measurement
Integration Points:
- Issues, MRs, deployments
- CI/CD pipelines
- DORA metrics
- Executive dashboards
CI/CD Analytics
Path: Analyze > CI/CD analytics
Purpose: Pipeline performance across all group projects.
Key Features:
- Pipeline success rates by project
- Duration trends
- Failed pipeline analysis
- Runner utilization
- Aggregate statistics
Best Practices:
- Monitor group-wide success rate
- Identify problematic projects
- Track improvement over time
- Optimize common bottlenecks
Common Pitfalls:
- Not addressing low success rates
- Ignoring slow pipelines
- No optimization initiatives
- Missing baseline metrics
Integration Points:
- Pipeline execution data
- Runner metrics
- Project analytics
- Cost tracking
Code Review Analytics
Path: Analyze > Code review analytics (Premium/Ultimate)
Purpose: Code review efficiency across group.
Key Features:
- Review time metrics by project
- Comments per MR
- Reviewer workload
- Review bottlenecks
- Cross-project comparison
Best Practices:
- Track review SLAs
- Balance reviewer workload
- Identify training needs
- Improve MR size/quality
Common Pitfalls:
- Long review times ignored
- Unbalanced workload
- No review standards
- Missing SLAs
Integration Points:
- MR data
- Productivity analytics
- Team capacity planning
Repository Analytics
Path: Analyze > Repository analytics
Purpose: Repository statistics across group projects.
Key Features:
- Commit activity by project
- Programming language breakdown
- Code coverage trends
- Top contributors
Best Practices:
- Monitor code coverage trends
- Recognize top contributors
- Track activity patterns
Common Pitfalls:
- Focusing only on commit counts
- Ignoring coverage trends
- Not celebrating contributions
Integration Points:
- Repository data
- Coverage reports
- Contributor statistics
Merge Request Analytics
Path: Analyze > Merge request analytics (Premium/Ultimate)
Purpose: MR throughput and efficiency metrics.
Key Features:
- MRs merged per month by project
- Average time to merge
- Throughput trends
- Filter by label, milestone
Best Practices:
- Track monthly trends
- Set time-to-merge goals
- Improve throughput
- Address slow projects
Common Pitfalls:
- Optimizing speed over quality
- No baseline metrics
- Missing goals
Integration Points:
- MR completion data
- Value stream analytics
- Productivity analytics
Productivity Analytics
Path: Analyze > Productivity analytics (Premium/Ultimate)
Purpose: Team productivity insights across group.
Key Features:
- Days to merge distribution
- Commit patterns
- Lines of code trends
- Comments per MR
- File change statistics
- Filter by project, author, label
Use Cases:
- Identify workflow slowdowns
- Training opportunities
- Process optimization
- Capacity planning
Best Practices:
- Use for team discussions, not performance reviews
- Look for patterns, not individuals
- Combine with qualitative feedback
- Focus on process improvement
Common Pitfalls:
- Using for individual assessment
- Gaming metrics
- Wrong metrics focus
- No action on insights
- Creating adversarial environment
Integration Points:
- MR and commit data
- Code review analytics
- Team retrospectives
- Process improvement
Contribution Analytics
Path: Analyze > Contribution analytics (Premium/Ultimate)
Purpose: Track contributions across group projects.
Key Features:
- Push events by user
- Merge requests by user
- Issues created/closed
- Filter by user, date range
- Export contribution data
Best Practices:
- Recognize top contributors
- Track participation trends
- Identify areas needing support
- Celebrate achievements
Common Pitfalls:
- Using for performance reviews
- Quantity over quality focus
- Not recognizing different contribution types
- Missing context
Integration Points:
- User activity data
- Recognition programs
- Capacity planning
- Team analytics
Insights
Path: Analyze > Insights (Ultimate)
Purpose: Custom analytics dashboards for group.
Key Features:
- Custom YAML-defined dashboards
- Group-level charts and visualizations
- Issue and MR data
- Share across organization
- Multiple dashboards
Dashboard Configuration:
title: Group Dashboard description: Executive metrics charts: - title: Issues Created vs Closed type: bar query: data_source: issuables params: issuable_type: issue collection: group group_by: month period_limit: 12
Best Practices:
- Create role-specific dashboards
- Keep dashboards simple
- Regular dashboard reviews
- Share with stakeholders
- Maintain dashboards
Common Pitfalls:
- Overly complex dashboards
- Not updating dashboards
- No clear purpose
- Too many dashboards
Integration Points:
- Issue and MR data
- Custom queries
- Executive reporting
- Strategic planning
Manage Menu
Activity
Path: Manage > Activity
Purpose: Activity feed for entire group.
Key Features:
- All activity across group projects
- Filter by activity type
- User activity
- RSS feed available
- Real-time updates
Activity Types:
- Issues opened/closed
- Merge requests created/merged
- Comments
- Pushes
- Wiki updates
- Milestones
Best Practices:
- Monitor for unexpected activity
- Track major milestones
- Celebrate team achievements
- Use RSS for notifications
Common Pitfalls:
- Information overload
- Not filtering appropriately
- Missing important events
- No action on activity insights
Members
Path: Manage > Members
Purpose: Manage group membership and permissions.
Key Features:
- Add users and groups
- Assign roles (Owner, Maintainer, Developer, Reporter, Guest)
- Set expiration dates
- Invite via email
- Pending invitations
- Inherited members from parent groups
- Direct members only view
Group Roles:
Owner (50)
- Full group access
- Delete group
- Manage members
- Transfer projects
- Manage group settings
Maintainer (40)
- Create projects
- Manage group members (except Owners)
- Edit group settings
- Cannot delete group
Developer (30)
- Create projects
- Push to projects
- Manage project settings
- Cannot manage members
Reporter (20)
- View code
- Create issues
- Comment on issues and MRs
- Cannot push code
Guest (10)
- View issues
- Leave comments
- Cannot view code
Member Management Features:
- Bulk import members
- LDAP/SAML group sync (Premium/Ultimate)
- Group access tokens
- Member approvals
- Activity tracking
Best Practices:
- Principle of least privilege
- Use subgroups for fine-grained access
- Regular access reviews
- Set expiration for temporary access
- Use SAML group sync for enterprise
- Document permission decisions
Common Pitfalls:
- Over-permissioning users
- Not conducting access reviews
- Individual user management instead of group sync
- No offboarding process
- Missing expiration dates
Integration Points:
- Authentication (SAML, LDAP)
- Parent group membership
- Project access inheritance
- Audit logging
Labels
Path: Manage > Labels
Purpose: Manage group-wide labels.
Key Features:
- Create group labels
- Available to all projects in group
- Priority labels
- Color coding
- Label descriptions
- Promote project labels to group
- Subscribe to labels
Label Types:
- Group labels (visible to all group projects)
- Project labels (specific to project)
- Priority labels (sort issues by priority)
Best Practices:
- Establish labeling conventions
- Use group labels for cross-cutting concerns
- Document label meanings
- Regular label audits
- Promote common project labels to group
- Use scoped labels (e.g.,
status::open,status::closed)
Common Pitfalls:
- Too many labels
- Inconsistent label usage
- Duplicate labels across projects
- No documentation
- Outdated labels not archived
Integration Points:
- Issues and MRs
- Issue boards
- Roadmaps
- Analytics and filtering
- Automation rules
SAML SSO
Path: Manage > SAML SSO (Premium/Ultimate)
Purpose: Configure SAML single sign-on for group.
Key Features:
- SAML 2.0 authentication
- Identity provider integration
- Group membership sync
- Enforce SSO
- Role mapping
- SCIM user provisioning (Ultimate)
Supported Identity Providers:
- Okta
- Azure AD
- Google Workspace
- OneLogin
- ADFS
- Any SAML 2.0 provider
SAML Configuration:
- Identity provider SSO URL
- Certificate fingerprint (SHA1 or SHA256)
- Name ID format
- Required attributes
Best Practices:
- Enforce SSO for security
- Set up SCIM provisioning (Ultimate)
- Map roles appropriately
- Test with small group first
- Document IdP configuration
- Regular access reviews
Common Pitfalls:
- Not enforcing SSO
- Incorrect role mapping
- Missing SCIM provisioning
- No fallback access method
- Incorrect certificate fingerprint
Integration Points:
- Identity provider
- SCIM user provisioning
- Group membership
- Audit logging
- Access control
Usage Quotas
Path: Manage > Usage quotas
Purpose: Monitor resource usage across group.
Key Features:
- Storage usage by project
- CI/CD minutes by project
- Transfer usage
- Shared runners minutes
- LFS storage
- Package registry storage
- Container registry storage
- Wiki storage
Quota Types:
- Storage (repository, LFS, artifacts, packages)
- Compute (CI/CD minutes)
- Transfer (data egress)
Best Practices:
- Monitor usage regularly
- Set up alerts for quota limits
- Implement cleanup policies
- Allocate costs to teams
- Optimize resource usage
Common Pitfalls:
- Hitting quota limits unexpectedly
- No cleanup policies
- Inefficient resource usage
- No cost visibility
- Missing usage alerts
Integration Points:
- Project storage
- CI/CD usage
- Cost allocation
- Capacity planning
- Cleanup policies
Billing
Path: Manage > Billing (SaaS only)
Purpose: Manage group subscription and billing.
Key Features:
- View subscription details
- Manage seats
- Payment methods
- Invoice history
- Usage-based billing
- Add/remove seats
Subscription Management:
- Tier (Free, Premium, Ultimate)
- Seat count
- Renewal date
- Billing contact
Best Practices:
- Regular seat audits
- Remove unused seats
- Annual billing for discounts
- Monitor overages
- Budget planning
Common Pitfalls:
- Paying for unused seats
- Missing renewal dates
- No cost tracking
- Unexpected overages
Settings Menu
General
Path: Settings > General
Purpose: Core group configuration.
Sections:
Naming, visibility
- Group name and URL
- Group description
- Group avatar
- Visibility level (Private, Internal, Public)
Permissions and group features
- Project creation permissions
- Subgroup creation permissions
- Member lock
- SAML settings
- IP restrictions (Ultimate)
- Allowed email domains (Premium/Ultimate)
Merge request approval settings (Premium/Ultimate)
- Prevent approval by author
- Prevent approvals by users who add commits
- Prevent editing approval rules in projects
- Require user re-authentication for approvals
Compliance frameworks (Ultimate)
- Default compliance framework
- Compliance pipeline configuration
Advanced
- Transfer group
- Delete group
- Restore group (if deleted)
Best Practices:
- Clear group description
- Appropriate visibility level
- Restrict project creation as needed
- Enable IP restrictions (Ultimate)
- Set default compliance framework
- Regular settings review
Common Pitfalls:
- Wrong visibility level
- Overly permissive settings
- No compliance framework
- Missing IP restrictions
- Unclear group purpose
Projects
Path: Settings > Projects
Purpose: Manage projects in group.
Key Features:
- List all projects
- Archive projects
- Unarchive projects
- Remove projects from group
- Transfer projects
- Project templates
Best Practices:
- Archive inactive projects
- Use project templates for consistency
- Regular project reviews
- Clear project naming
- Organize with subgroups
Common Pitfalls:
- Too many active projects
- Not archiving old projects
- Inconsistent project structure
- Missing project templates
Repository
Path: Settings > Repository
Purpose: Group-level repository settings.
Sections:
Default branch protection
- Default branch protection rules
- Apply to all new projects
Deploy tokens
- Group-level deploy tokens
- Available to all projects
- Read/write registry access
Push rules (Premium/Ultimate)
- Commit message format
- Branch name patterns
- Author email requirements
- File size limits
- Reject unsigned commits
Best Practices:
- Set strong default branch protection
- Use push rules for consistency
- Document repository standards
- Regular rule reviews
Common Pitfalls:
- Weak default protection
- Inconsistent push rules
- No commit message standards
- Missing file size limits
CI/CD
Path: Settings > CI/CD
Purpose: Group-level CI/CD configuration.
Sections:
General pipelines
- Pipeline visibility
- Test coverage parsing
Variables
- Group-level CI/CD variables
- Available to all projects
- Protected variables
- Masked variables
- Environment scope
Runners
- Group runners management
- Enable for projects
- Runner tags
Auto DevOps
- Default Auto DevOps settings
Compliance pipeline configuration (Ultimate)
- Enforce compliance jobs
- Required pipeline configuration
Best Practices:
- Use group variables for shared configuration
- Protect sensitive variables
- Mask secret values
- Document variable usage
- Enable compliance pipelines (Ultimate)
Common Pitfalls:
- Exposed secrets in variables
- Unprotected sensitive variables
- Inconsistent variable naming
- No documentation
- Missing compliance enforcement
Applications
Path: Settings > Applications
Purpose: OAuth applications for group.
Key Features:
- Register OAuth applications
- Application credentials
- Authorized applications
- Group-level integrations
Best Practices:
- Minimum required scopes
- Regular application audits
- Revoke unused applications
- Document application purpose
Common Pitfalls:
- Overly permissive scopes
- Stale applications
- Missing documentation
- Shared credentials
Packages and Registries
Path: Settings > Packages and registries
Purpose: Configure package and container registry settings.
Sections:
Package registry
- Enable/disable package types
- Cleanup policies
- Forwarding rules
- Virtual registry (Ultimate)
Container registry
- Cleanup policies
- Protection rules
- Regex patterns
Cleanup Policies:
- Keep N most recent tags/packages
- Remove older than X days
- Name patterns
- Scheduled cleanup
Best Practices:
- Enable cleanup policies
- Protect production artifacts
- Regular cleanup execution
- Document naming conventions
Common Pitfalls:
- No cleanup policy
- Storage issues
- Deleting production artifacts
- Inconsistent naming
Webhooks
Path: Settings > Webhooks
Purpose: Group-level webhooks.
Key Features:
- Send events to external URLs
- Configure triggers
- Secret tokens
- SSL verification
- Recent deliveries
Webhook Events:
- Push, tag, issues, MRs
- Wiki, deployments, releases
- Group member events
- Subgroup events
Best Practices:
- Use secret tokens
- Enable SSL verification
- Monitor webhook deliveries
- Document webhook purpose
Common Pitfalls:
- Insecure webhooks
- No SSL verification
- Not monitoring failures
- Too many webhooks
Access Tokens
Path: Settings > Access tokens
Purpose: Create group access tokens.
Key Features:
- Create scoped tokens
- Set expiration dates
- Define permissions
- Revoke tokens
- Audit token usage
Token Scopes:
- api (full API access)
- read_api
- read_repository
- write_repository
- read_registry
- write_registry
Best Practices:
- Minimum required scopes
- Set expiration dates
- Rotate regularly
- Audit usage
- Revoke unused tokens
Common Pitfalls:
- Overly permissive scopes
- No expiration
- Tokens in code
- Shared tokens
- No rotation
Domain Verification
Path: Settings > Domain verification
Purpose: Verify domain ownership.
Key Features:
- Verify custom domains
- DNS verification
- Pages domain support
- Email verification
Best Practices:
- Verify all custom domains
- Maintain DNS records
- Regular verification checks
Common Pitfalls:
- Unverified domains
- Expired DNS records
- Missing email configuration
Summary
Group-level features in GitLab Ultimate provide comprehensive portfolio management, security oversight, and enterprise-grade capabilities:
Key Capabilities:
- Portfolio Management: Epics, roadmaps, OKRs for strategic planning
- Security Oversight: Centralized security dashboard and vulnerability management
- Compliance: Frameworks, policies, and audit trails
- Analytics: Value stream, productivity, and contribution insights
- Shared Resources: Runners, packages, configurations
- Enterprise Auth: SAML SSO, SCIM provisioning
Best Practices:
- Leverage group features for cross-project coordination
- Use epics and roadmaps for strategic visibility
- Implement compliance frameworks early
- Monitor security dashboard regularly
- Set up value stream analytics for improvement
- Use group variables for shared configuration
- Enable SAML SSO for enterprise authentication
Sources
This documentation is based on official GitLab resources: