ForgeRock Identity Provider - for SAML/SCIM SSO-enabled group management
Problem to solve
Current IdP support is limited to Azure. Requesting support for ForgeRock.
This issue is related to the ongoing SSO work for GitLab.com
After an employee leaves a company, we need to ensure they're not still a member of the group they previously used their SAML login with. This needs to happen immediately or else the employee might still be within the grace period and access notifications, SSH, API, etc.
As a secondary effect, if we don't remove them from the group, they'll continue to show up in the Members list.
Intended users
All Gitlab.com users federated from corporate identities.
Further details
Proposal
Single User Experience. Provision and deprovision