Improve SAML Timeout Experience

Problem to solve

We implemented the 7-day timeout for SAML groups for GitLab.com which requires users to re-auth into their SAML provider. This requires users to click to trigger a SAML log-in to check if they still have access to their IdP. This isn't the best user experience.

Proposal

We should improve this experience by making a request out to the SAML provider when the 7-day limit has expired and not require a user click to do so. This is a common pattern used in other enterprise applications.

Availability & Testing

What risks does this change pose to our availability?

This is a low risk feature for GitLab.com availability

What additional test coverage or changes to tests will be needed?

• Ensure that users that have not yet SSO'd should still see the Sign-in screen on GitLab.
• Simulate timeout for an already SSO'd user to ensure the Sign-in screen on GitLab is not shown.