+1 for LDAP in the Team Edition.
Gitlab as oauth provider and sso might be fine. But try to log-out of mattermost, then the mattermost "login with gitlab" button is shown, suggesting that you are logged out from mattermost, but in fact your just logged out of mattermost, not from gitlab! If you just click the "login with gitlab" you are directly redirected to mattermost again without asked for a password. To be secure logged out you need to logout from mattermost and then call gitlab page on your own and logout there as well. Only this way you are truely logout.
Thats very odd and unsecure for the users, they think they are logged out but they are not.
Think about it.
Greetings Nev