SAML Boot Camp - DeAndre

Goal of this checklist: Set a clear path for SAML SSO Expert training

Objectives: At the end of this bootcamp, you should be able to:

  • Understand how GitLab leverages the OmniAuth gem with a SAML Strategy to act as a SAML 2.0 Service Provider
  • Understand how to set up SAML and SCIM apps for SSO for Groups
  • Troubleshoot customers' issues with SAML and SCIM

Remember to contribute to any documentation that needs updating

Stage 1: Commit and Become familiar with what SAML is

  • Done with Stage 1
  1. Ping your manager on the issue to notify them you have started.
  2. Commit to this by adding yourself to the knowledge areas page.
  3. Commit to this by notifying the current experts that they can start routing non-technical SAML SSO questions to you.
  4. Read through the GitLab SAML Documentation.
  5. Read through the omniauth-saml gem documentation.
  6. Read through the GitLab SAML SSO for Groups Documentation.
  7. Read through the GitLab SCIM provisioning using SAML SSO for Groups Documentation.
  8. Watch the Manage 201 SAML knowledge sharing. You can access the slides as well.

Stage 2: Technical Setup

  • Done with Stage 2
  1. Implement SAML on the GDK

    1. Using the SAML How To Documentation, set up a SAML IdP using the provided Docker image.
    2. Set up both instance-wide SAML and Group SAML on your GDK instance.
    3. Contribute to the documentation with any issues or troubleshooting steps.
  2. Create a test app on a cloud provider IdP where we support SCIM and connect it either with your GDK or a GitLab.com group.

    1. The infrastructure for troubleshooting workflow page has info on getting access to Azure or Okta. Alternatively, you can create a trial account on one of the platforms. As most questions are about Azure, consider choosing Azure for this exercise.
    2. If using GitLab.com, ensure your GitLab.com test group has a Silver or Gold plan. If needed, create an access request to get a test group upgraded, or ask team members for access to an existing one.
    3. Follow the documentation to set up SAML and SCIM. The specific provider sections link to a demo video if one exists. If we have SCIM for an IdP where no such video exists, consider contributing one!
    4. Ensure you are familiar with the troubleshooting section in order to know what common cases are documented.

Stage 3: Tickets

  • Done with Stage 3
  1. Go through 10 solved SAML/SSO tickets to check the responses and get a sense of the types of frequently asked questions that come up.
    1. __
    2. __
    3. __
    4. __
    5. __
    6. __
    7. __
    8. __
    9. __
    10. __
  2. Answer 10 SAML/SSO tickets and paste the links here, even if a ticket seems too advanced for you to answer. Find the answers from an expert and relay them to the customers.
    1. https://gitlab.zendesk.com/agent/tickets/167676
    2. __
    3. __
    4. __
    5. __
    6. __
    7. __
    8. __
    9. __
    10. __

Stage 4: Pair on Customer Calls

  • Done with Stage 4
  1. Pair on two calls, where a customer has a problem with SAML/SSO.
    1. call with ___
    2. call with ___

Penultimate Stage: Review

You feel that you can now do all of the objectives:

  1. Understand how GitLab leverages the OmniAuth gem with a SAML Strategy to act as a SAML 2.0 Service Provider.
  2. Understand how to set up SAML and SCIM apps for SSO for Groups.
  3. Troubleshoot customers' issues with SAML/SSO.

Any updates or improvements needed? If there are any dead links, out-of-date or inaccurate content, or missing content, whether in this bootcamp or in other documentation, list it below as tasks for yourself!

Final Stage

  • Have your trainer and manager review this issue.
  • Manager: schedule a call (or integrate into 1:1) to review how the bootcamp went once you have reviewed this issue.
  • Send an MR to declare yourself a SAML SSO Expert on the team page.
Edited by DeAndre Harris