Allow admins to disable "social" accounts unlink feature
- Zendesk ticket: https://gitlab.zendesk.com/agent/tickets/14828
Requested feature
Some enterprises would like to just allow one way to sign into their GitLab servers, and the tendency has been to use SAML for this purpose.
But, since SAML is considered a "social" provider, a user can easily unlink it from their profile settings. This brings some concerns to the admins, because if a user unlinks their SAML account, and SAML is the only way to sign in into GitLab, they will be locked out of their accounts until an admin can intervene.
If we give admins the ability to turn off this feature, the users will not be able to unlink their SAML accounts and the admins will be forever happy.
Concrete questions / Next steps
@JobV what do you think?
If we don't want to go the "configurable" route, we can simply not show the unlink
button if the provider is SAML, which will serve the same purpose and make implementation a lot simpler.
cc @rspeicher