Force notifications to SAML email address for dedicated users
Description
Currently, a GitLab user specifies one address for all email notifications. Regardless of the number of groups they're in, they'll receive all associated notifs in the same place. This is acceptable for on-prem instances, but this is likely harder to endure on GitLab.com. There, a user could belong to many groups - some could be associated with their personal projects, and some might be associated with full-time or contract work that might be inappropriate to cross with their personal e-mail address.
At the moment, we don't have a way of controlling this. A group on GitLab.com, even if they're using SSO, won't be able to enforce where e-mail notifications go. Notifications that could have confidential information in them will be sent to the user's personal account, and will be preserved even after the user leaves the organization.
Proposal
We should allow an SSO-enabled group to force notifications to go to the e-mail addresses that are associated with their members in the SAML response.
If dedicated credentials are enabled:
- In `profile/notifications`, do not allow the user to change their notification email away from this e-mail address.
- In `profile/emails`, do not allow the user to change their primary, commit, or notification email.