Identity API for updating Omniauth/SAML/LDAP identity links

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

What

API allowing Identity records to be created/updated/deleted by admins.

In EE this should include creating Group SAML Identities with saml_provider_id, and should correctly create group managed accounts.

Why

This can be useful when migrating users to a new instance, or changing

Background

We use the Users API to migrate users to GitLab, but SSO enforcement requires users to have SAML to be added to the group. In https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/14045 we're adding the ability to create a Group SAML Identity at the same time as the user, since the logic already existed for other omniauth Identities.

Long term we might want an Identity API, and for this to also work with Group Managed Accounts

Edited Aug 28, 2025 by 🤖 GitLab Bot 🤖