Update message on signing to SAML SSO enabled group.
See the full conversation here: https://gitlab.com/gitlab-org/quality/nightly/issues/73
Maybe I should change it to "SAML for my-group: already signed in to GitLab."
I don't understand how that's substantively different than "Already signed in with SAML for my-group"
🤔 Please correct me if I'm not following the discussion here, but there are roughly 3 scenarios here that don't end in failure:
- The user is already signed in using their password, and they SSO into the group using a user account with an existing SAML link. We might say "Already signed in with (username) for my-group".
- The user is already signed in using their password, and they SSO into the group using a user account without an existing SAML link. We might say "SAML sign-in for my-group updated".
- The user is already signed in using their password, and they SSO into the group that is currently using managed accounts. The user was originally on another account that wasn't the managed account, so we might say "Signed in with managed-username to my-group".
> I don't understand how that's substantively different than "Already signed in with SAML for my-group"
In scenario (1.) they haven't signed in "with SAML", but there is a variation (1b.) on that where they have already signed in with SAML and then either re-visited the SSO page or reached us from their Identity Provider. "Already signed in with (username) for my-group" might work for both (1a.) and (1b.). "SAML for my-group: already signed in to GitLab." is my awkward attempt to cover (1a.) and (1b.) while mentioning SAML.
> There are roughly 3 scenarios here that don't end in failure
Users might follow the (1.b) re-sign-in with SAML flow to update permissions/name/email once we start doing more with the SAML attributes. For scenario (2.) we currently use `redirect_identity_linked` with "SAML for #{@unauthenticated_group.name} was added to your connected accounts". For scenario (3.) we'll add new code paths, so I haven't got a clear picture yet.
For (1.a) and (1.b), where the user account has an existing SAML link but is not currently signed into/SSOed into the group, does it make sense to just say
Signed in to (my-group) with SAML.
I suggest not using the word "Already", as it is confusing since the user was not "Already" signed in but only the SAML link existed.
For (2.), where the user account does not have an existing SAML link and they SSO into the group and so the SAML link is created for the first time, can we say
Signed in to (my-group) and linked it with SAML