Deprecate azure_oauth2 provider
In !54265 (merged), we shipped OAuth2 support for Azure Active Directory v2. The v1 provider, `azure_oauth2`, does not trigger MFA authentication, which prevents users from logging into organizations that enforce MFA via a Conditional Access policy.
We should deprecate the v1 provider. Some ideas for doing this:
- Update the documentation in https://docs.gitlab.com/ee/integration/azure.html to make it clear that v1 should no longer be used.
- Perhaps display a deprecated warning message to the admin somewhere?
Note that if you remove `azure_oauth2` from the available providers, GitLab will fail to start if the config had `azure_oauth2` in it, so admins have to remove this.
We may want to provide a database migration or Rake task that drops the `azure_oauth2` `identities` entries as well.