Make it clear when Group SAML SSO will link/authorize an identity provider vs loging in or updating
What
On the Group SAML /sso
page the button currently says Sign in with Single Sign-On
. When logged out this message makes sense, but when linking an account for the first time it should say something like Link SAML SSO
or Authorize #{group_name} SAML
. We could also be clearer when re-visiting that page after sign-in that it is updating group membership details set by SAML.
We should also update the descriptive text above the button.
Why
There are security implications with linking/authorizing an external service and allowing it to sign you into GitLab
In some ways this is a pre-requisite for https://gitlab.com/gitlab-org/gitlab-ee/issues/6261 but I've split it out into this issue since it can be done independently