Improve SAML Timeout Experience
Problem to solve
We implemented the 7-day timeout for SAML groups for GitLab.com which requires users to re-auth into their SAML provider. This requires users to click to trigger a SAML log-in to check if they still have access to their IdP. This isn't the best user experience.
Proposal
We should improve this experience by making a request out to the SAML provider when the 7-day limit has expired and not require a user click to do so. This is a common pattern used in other enterprise applications.
Availability & Testing
What risks does this change pose to our availability?
This is a low risk feature for GitLab.com availability
What additional test coverage or changes to tests will be needed?
- Ensure that users that have not yet SSO'd should still see the Sign-in screen on GitLab.
- Simulate timeout for an already SSO'd user to ensure the Sign-in screen on GitLab is not shown.
Edited by Sanad Liaquat