Restrict user autocompletes to SAML enforced members [BE]
Problem to solve
Users which are not members of SAML-only group show up in project/sub-group/group membership add dropdownlist.
Project and Group admins within enterprises/groups who enforce SAML authentication on gitlab.com. This is a very poor experience.
1 - Create new group e.g. gitlab.com/my_cool_group
2 - Enforce SAML/SSO on my_cool_group
3 - Goto gitlab.com/my_cool_group/-/group_members
4 - Start typing in "Search for a user" field at the top.
5 - There are millions of gitlab.com users in the drop down list which cannot be added due to SAML enforcement, so why show them?
This is a UX problem.
Restrict user autocompletes (project and sub-group members) to users who are SAML linked to the my_cool_group group.
This filter only applies when enforce SAML is enabled at top-level group. e.g. if I created gitlab.com/my_cool_group/my_sub_group, then my_sub_group should also inherit the SAML enforcement and should also adhere to filter.
Permissions and Security
Documentation on the SAML enforcement area.
Test coverage should ensure that when SAML enforcement is disabled - the dropdownlist returns back to the million of users to add.
What does success look like, and how can we measure that?
Dropdownlist shows the user just the applicable SAML'ed group members.
What is the type of buyer?