SAML Enforcement session is not set when using 2FA on GitLab
Groups::OmniauthCallbacksController we call
sign_in and on
link_identity. However when using 2FA users are instead shown a page where a 2FA token can be entered via
The naive solution is to call
prompt_for_two_factor when using Group SSO, however it would be more correct to do so after the 2FA is complete. To take that approach we'll need to think about how to pass on our intention to store this.