'New user' flow for SSOing into a GitLab.com group [UX]
To support a new user flow after a user successfully SSOs, we need to consider and support a scenario where a user:
- Does not have a pre-existing user account on the instance, and/or
- The connected group enforcing SSO is requiring dedicated credentials, and the user must register a user account specifically for that group.
The main requirement here is a new treatment for the sign-in/registration page; see GitHub's reference image below. The user should understand:
- That their SSO attempt was successful (they were authenticated from the connected identity provider)
- Why they're being asked to create an account
- That their new account will be used to access a specific group
- That after registration, they'll be redirected to whatever resource they were requesting.
- Group managed account
- No group managed account
- no existing GitLab.com account linked, signed in (user chooses an account to link)
- no existing GitLab.com account linked, not signed in (the user needs to sign in or register)
- existing GitLab.com account linked