diff --git a/conf/defaults.ini b/conf/defaults.ini
index c8a98567212..4a7c485db66 100644
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -590,6 +590,9 @@ role_attribute_path =
 role_attribute_strict = false
 allow_assign_grafana_admin = false
 tls_skip_verify_insecure = false
+tls_client_cert =
+tls_client_key =
+tls_client_ca =
 
 #################################### GitLab Auth #########################
 [auth.gitlab]
@@ -611,6 +614,9 @@ role_attribute_strict = false
 allow_assign_grafana_admin = false
 skip_org_role_sync = false
 tls_skip_verify_insecure = false
+tls_client_cert =
+tls_client_key =
+tls_client_ca =
 use_pkce = true
 
 #################################### Google Auth #########################
@@ -630,6 +636,9 @@ allowed_domains =
 hosted_domain =
 skip_org_role_sync = false
 tls_skip_verify_insecure = false
+tls_client_cert =
+tls_client_key =
+tls_client_ca =
 use_pkce = true
 
 #################################### Grafana.com Auth ####################
@@ -672,6 +681,9 @@ role_attribute_strict = false
 allow_assign_grafana_admin = false
 force_use_graph_api = false
 tls_skip_verify_insecure = false
+tls_client_cert =
+tls_client_key =
+tls_client_ca =
 use_pkce = true
 
 #################################### Okta OAuth #######################
@@ -694,6 +706,9 @@ role_attribute_strict = false
 allow_assign_grafana_admin = false
 skip_org_role_sync = false
 tls_skip_verify_insecure = false
+tls_client_cert =
+tls_client_key =
+tls_client_ca =
 use_pkce = true
 
 #################################### Generic OAuth #######################
diff --git a/conf/sample.ini b/conf/sample.ini
index 416195cd14d..98eb8ed3df2 100644
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -599,6 +599,9 @@
 ;allow_assign_grafana_admin = false
 ;skip_org_role_sync = false
 ;tls_skip_verify_insecure = false
+;tls_client_cert =
+;tls_client_key =
+;tls_client_ca =
 ;use_pkce = true
 
 #################################### Google Auth ##########################
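Review bot: conf/sample.ini gains the commented `tls_client_cert`/`tls_client_key`/`tls_client_ca` lines in only one section (the hunk at 599, the section before the Google Auth banner, which looks like `[auth.gitlab]`), while conf/defaults.ini adds the same three keys in five sections — the hunks before the GitLab, Google, Grafana.com, Okta and Generic OAuth banners. Since sample.ini is the annotated template an administrator copies from, the other four sections should receive the same `;tls_client_cert =` / `;tls_client_key =` / `;tls_client_ca =` triple so the two files stay in step. The empty defaults are fine, but `tls_client_key` names a private-key file and sits next to the unrelated `tls_skip_verify_insecure` toggle; a one-line `;` comment in sample.ini saying the key file should be readable only by the account Grafana runs as would help operators tell the two apart.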
diff --git a/docs/sources/setup-grafana/configure-security/configure-authentication/gitlab/index.md b/docs/sources/setup-grafana/configure-security/configure-authentication/gitlab/index.md
index 8ebcfdaa415..67f214df4dc 100644
--- a/docs/sources/setup-grafana/configure-security/configure-authentication/gitlab/index.md
+++ b/docs/sources/setup-grafana/configure-security/configure-authentication/gitlab/index.md
@@ -62,6 +62,9 @@ role_attribute_path =
 role_attribute_strict = false
 allow_assign_grafana_admin = false
 tls_skip_verify_insecure = false
+tls_client_cert =
+tls_client_key =
+tls_client_ca =
 ```
 
 You may have to set the `root_url` option of `[server]` for the callback URL to be
@@ -82,6 +85,14 @@ to login on your Grafana instance.
 You can limit access to only members of a given group or list of groups by setting the `allowed_groups` option.
+You can also specify the SSL/TLS configuration used by the client.
+
+- Set `tls_client_cert` to the path of the certificate.
+- Set `tls_client_key` to the path containing the key.
+- Set `tls_client_ca` to the path containing a trusted certificate authority list.
+
+`tls_skip_verify_insecure` controls whether a client verifies the server's certificate chain and host name. If it is true, then SSL/TLS accepts any certificate presented by the server and any host name in that certificate. _You should only use this for testing_, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
+
 ### Configure refresh token
 
 > Available in Grafana v9.3 and later versions.
@@ -142,6 +153,9 @@ role_attribute_path = is_admin && 'Admin' || 'Viewer'
 role_attribute_strict = true
 allow_assign_grafana_admin = false
 tls_skip_verify_insecure = false
+tls_client_cert =
+tls_client_key =
+tls_client_ca =
 ```
 
 ### Configure automatic login