Better error message and documentation for persistant NameID requirement with SAML on .com
- When NameID is missing or changes there should be a sensible error
- We should clearly document the need for a persistent NameID
- When an account is already linked to a different identity we should have a sensible flow to allow unlinking/re-linking.
- We should have troubleshooting documentation for unlinking account.
Without this Group SAML on GitLab.com is hard to set up and hard to troubleshoot in cases where NameID is initially misconfigured.