Spike for users migration
Problem to Solve
As described in the implementation issue, we are looking to migrate users as part of the Group Migration. This issue will be used to discuss possible approaches, technical and security limitations, and create any technical spikes.
- On GitLab.com, Admin is required for user creation/access
- Group owner should be able to export (provided the user has a public email address)
- Any user can import a repository, but for users, we require an Admin token (otherwise random users could add members)
- In self-managed instances, we can require that Admin performs Group migration
- For SAML SSO, we can first create the user in GitLab, then map them to SAML
- Potential first iteration: self-managed user import
- Potential solution for GitLab.com: provision a user and trigger a reset password, so that they get an email to access the new group.
- Runner minutes limit
- Group SAML
- SSH Keys
- GPG Keys
- Secondary emails
- What are the security concerns regarding this solution?
- What are the technical limitations?
- What are the possible technical approaches?