Add SAML support to Okta GitLab application
In #210064 (closed) we published an Okta GitLab application with SCIM support. We can also add SAML support to the same application. This makes sense since SAML and SCIM work together. It also makes configuration very easy for the end-user.
Okta documentation for creating an SSO application can be found at https://developer.okta.com/docs/guides/build-sso-integration/saml2/before-you-begin/. This would be an add-on to our existing application.
- Can we make the application 'generic' enough that it works for SAML for both self-managed and .com? For SCIM it seems to be possible (if we supported SCIM on self-managed) because the only two configuration items are the URL and an API token. The same may not be true of SAML.
- Does the SCIM API require any adjustments to work ideally with Okta combined application? The most likely place I see potential issues is between the `extern_uid` and how we determine usernames for users created by SAML/SCIM. We need to ensure that the username is configurable independent of the `extern_uid`. @cynthia captures some of this in #216173 (comment 386961066)
- What does the migration path look like for customers using the generic Okta SAML application and moving to the GitLab application? What documentation do we need to make that seamless?