SAML SSO Module - Aakif

Goal of this checklist: Set a clear path for SAML SSO Expert training

Objectives: At the end of this module, you should be able to:

  • Understand how GitLab leverages the OmniAuth gem with a SAML Strategy to act as a SAML 2.0 Service Provider
  • Understand how to set up SAML and SCIM apps for SSO for Groups
  • Troubleshoot customers' issues with SAML and SCIM

Remember to contribute to any documentation that needs updating

Stage 1: Commit and become familiar with what SAML is

  • Done with Stage 1
  1. Ping your manager on the issue to notify them you have started.
  2. Commit to this by adding yourself to the knowledge areas page.
  3. Commit to this by notifying the current experts that they can start routing non-technical SAML SSO questions to you.
  4. Read through the GitLab SAML Documentation.
  5. Read through the omniauth-saml gem documentation.
  6. Read through the GitLab SAML SSO for Groups Documentation.
  7. Read through the GitLab SCIM provisioning using SAML SSO for Groups Documentation.
  8. Watch the Manage 201 SAML knowledge sharing. You can access the slides as well.
  9. Watch the Support Authentication Deep Dive (recorded June 2020) and review the accompanying slides:
    • Session 1 of Deep Dive
    • Session 2 of Deep Dive
    • Deep Dive Slides

Stage 2: Technical Setup

  • Done with Stage 2
  1. Implement SAML

    • Note: If using GDK, follow the SAML How To Documentation. If you prefer, you can use the same Docker images but with a non-GDK instance of GitLab.
    1. Set up instance-wide SAML on your GitLab instance.
    2. Set up Group SAML on your GitLab instance.
    3. Contribute to the documentation with any issues or troubleshooting steps.
  2. Create a test app on a cloud provider IdP where we support SCIM and connect it either with your GDK or a GitLab.com group.

    1. The infrastructure for troubleshooting workflow page has info on getting access to Azure or Okta. Alternatively, you can create a trial account on one of the platforms. As most questions are about Azure, consider choosing Azure for this exercise.
    2. If using GitLab.com, ensure your GitLab.com test group has a Silver or Gold plan. If needed, create an access request to get a test group upgraded, or ask team members for access to an existing one.
    3. Follow the documentation to set up SAML and SCIM. The specific provider sections link to a demo video if one exists. If we have SCIM for an IdP where no such video exists, consider contributing one!
    4. Ensure you are familiar with the troubleshooting section in order to know what common cases are documented.

Stage 3: Tickets

  • Done with Stage 3
  1. Go through 10 solved SAML/SSO tickets to check the responses and get a sense of the types of frequently asked questions that come up.
    1. __
    2. __
    3. __
    4. __
    5. __
    6. __
    7. __
    8. __
    9. __
    10. __
  2. Answer 10 SAML/SSO tickets and paste the links here, even if a ticket seems too advanced for you to answer. Find the answers from an expert and relay them to the customers.
    1. https://gitlab.zendesk.com/agent/tickets/181208
    2. https://gitlab.zendesk.com/agent/tickets/183205
    3. https://gitlab.zendesk.com/agent/tickets/182781
    4. https://gitlab.zendesk.com/agent/tickets/182125
    5. https://gitlab.zendesk.com/agent/tickets/179076
    6. https://gitlab.zendesk.com/agent/tickets/176918
    7. https://gitlab.zendesk.com/agent/tickets/171250
    8. __
    9. __
    10. __

Stage 4: Pair on Customer Calls

  • Done with Stage 4
  1. Pair on two calls, where a customer has a problem with SAML/SSO.
    1. call with ___
    2. call with ___

Penultimate Stage: Review

You feel that you can now do all of the objectives:

  1. Understand how GitLab leverages the OmniAuth gem with a SAML Strategy to act as a SAML 2.0 Service Provider.
  2. Understand how to set up SAML and SCIM apps for SSO for Groups.
  3. Troubleshoot customers' issues with SAML/SSO.

Any updates or improvements needed? If there are any dead links, out-of-date or inaccurate content, or missing content, whether in this module or in other documentation, list them below as tasks for yourself!

  • Split SAML module into two distinct SAML and SCIM modules

Final Stage

  • Have your trainer and manager review this issue.
  • Manager: schedule a call (or integrate into 1:1) to review how the module went once you have reviewed this issue.
  • Send an MR to declare yourself a SAML SSO Expert on the team page.
Edited Jan 05, 2021 by Aakif