Expose SCIM identity in Admin GUI
Summary
The SCIM identity can only be accessed via console at this time. Exposing the SCIM identity to admins and/or users will simplify troubleshooting of SCIM-related issues and allow admins to validate what identity, if any, is being used for a specific account without requiring GitLab Support or API access to query.
Steps to reproduce
- Create a user linked to a SCIM identity
- Check the User Profile or Admin View of the user to validate the SCIM identity
What is the current bug behavior?
Validating SCIM identity requires API access to query for the extern_uid
What is the expected correct behavior?
This data should be exposed via the GUI
Current screen
| Identities tab - empty | Identities tab |
|---|---|
 |
 |
Proposal
- move the
New identitybutton to the primary action buttons row. - Fix the table under
Admin/Users/User details/Identitiesto conform to Pajamas - Add two columns to the table,
GroupandProvider ID - *Update success banner to an
in-pagealert above the list.- This might be unnecessary if the banner conforms to the standard banner parameters, but I do not think it doesn't in this context.
Implementation plan
A backend engineer should be consulted to figure out what is the best solution
Possible solution 1
- Create a new HAML partial called
_scim_identities.html.hamlinee/app/views/admin/users. HAML partial will loop through@user.scim_identities - Render HAML partial in app/views/admin/users/show.html.haml
- Add spec to ee/spec/features/admin/admin_users_spec.rb#L100
Possible solution 2
Modify app/controllers/admin/identities_controller.rb#L25 to include SCIM identities
Visuals
| Identities tab - empty state | Identities tab - populated | Identities tab - new ID created success |
|---|---|---|
 |
 |
 |
Figma work file
Availability & Testing
Add feature level spec that checks the SCIM identity is shown and can be deleted.
Edited by Sanad Liaquat