Investigate SAML/LDAP integration for GitLab.com
Description
Customers on GitLab.com who have LDAP need to be able to integrate their authorisation service.
Proposal
The first deliverable milestone should be to define the scope of this issue and answer the questions below:
- Groups should be able to configure SAML authentication for a top-level group (not a subgroup)
- How do we deal with existing accounts who are already added to the group?
- Can an existing account be linked to an external identity - e.g. if the user already has personal projects?
- Is the simplest thing possible to enforce new account creation?
- How does the group page appear to an authorised or unauthenticated user?
- How does somebody login to GitLab or to the group?
- How do we retrieve group information so that we can do similar capability to Group Sync (https://gitlab.com/gitlab-org/gitlab-ee/issues/118)
Links / references
- Screenshots of the configuration process taken during the discovery phase: https://drive.google.com/drive/folders/103gAm1qmBlYwG6f-aT9thrNbcPRD1KH5?usp=sharing
- Notes: https://docs.google.com/document/d/13Vjhdl3VNr6wM1QFNAGabBp69DsjCDhX5k6ocfMcoGA/edit
- Slack channel: https://gitlab.slack.com/messages/C8B6WPDH7
Edited by Pedro Moreira da Silva