Our mission is to empower GitLab system administrators with the toolkit they need to create their desired balance of security and accessibility for their GitLab experience. Authentication is the first impression any new customer has when they configure their shiny new GitLab instance, and we aim to make it as seamless as possible: from that moment of first logging in, to onboarding users, to managing the basic security rules for their instance in a secure, flexible and scalable manner.
#### Top Priorities for FY25
#### Top Priorities for FY26
Our detailed priority list can be found at the [direction page](https://about.gitlab.com/direction/software_supply_chain_security/authentication/#priorities) however on a higher level the focus would be on:
1.GCP integration
1.Auth redesign
2. Cells readiness
3. Service accounts MVC features
3. Service accounts UI and as default machine ID
4. Passwordless authentication
5. Enterprise user admin controls and policies management
6. Bringing Credentials inventory to GitLab.com
7. Reducing the number of flakey tests, older FFs, S3 bugs and manual handing of support/CSM questions.
8. Group SCIM Sync support
9. Service accounts UI and enhanced capabilities
10. Token management enhancements
11. Credential Manager enhancements
5. Reducing the number of flakey tests, older FFs, S3 bugs and manual handing of support/CSM questions.
#### Customer Outcomes we are driving for GitLab
@@ -129,6 +123,12 @@ As the primary interface between customers and engineering team, support team ha
- Key channels of interest are `#engineering-fyi`, `#team-member-updates`, `#g_sscs_authentication`, `#sec_section`, `#ceo`, `#cto`
- We create a weekly issue to inform the team members about the company or team updates, to share important links or to be informed about the team availability. Creation of the issue is the responsibility of an Engineering Manager, who can use an issue template located in the [SSCS/Auth repo](https://gitlab.com/gitlab-org/software-supply-chain-security/authentication/discussion). All weekly updates can be found in the project issue list [filtered by weekly update label.](https://gitlab.com/gitlab-org/software-supply-chain-security/authentication/discussion/-/issues/?sort=updated_desc&state=closed&label_name%5B%5D=weekly%20update&first_page_size=20)
#### Out of office planning
PTO and breaks are encouraged throughout the year following GitLab PTO policies https://handbook.gitlab.com/handbook/people-group/time-off-and-absence/time-off-types/. Of note is when creating coverage issue for longer time off requests, please consider either working with the EM to have the coverage details identified early enough (1+ milestone) such that capacity can be set aside to provide that coverage from another team member to continue the work or it's safe to pause the MR in flight such that it's picked up upon your return.
Ideally we have planned the work such that PTO does not change our committed timelines (and the timelines already account for folks being away). This way work is simply paused and then continued by original DRI upon their return, unless it's a task that has multiple DRIs who can easily continue the work.
#### MR review requests
CODEOWNER file contains commons code areas that can potentially affect authentication related behaviours and is used to request `group::authentication` reviews during development. The request source can be directly related to an authentication feature either coming from a team member within the group or outside. In this case we should complete a `backend`, `frontend` review holistically as we own the feature domain.
