Skip to content
GitLab Next
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • GitLab GitLab
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 43,823
    • Issues 43,823
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 1,413
    • Merge requests 1,413
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages & Registries
    • Packages & Registries
    • Package Registry
    • Container Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar

We will soon be undergoing scheduled maintenance to our database layer. We expect GitLab.com to be unavailable for up to 2 hours starting from 2022-07-02 06:00 UTC. Please note that any CI jobs that start before the maintenance window but complete during the window period will fail and may need to be started again.

  • GitLab.org
  • GitLabGitLab
  • Issues
  • #33143
Closed
Open
Created Oct 01, 2019 by Wills Bithrey@wills12 of 2 tasks completed2/2 tasks

Group members domain whitelist should allow multiple domains

Problem to solve

The domains whitelisting feature was implemented after one of our employees requested it - however we've been unable to enable / use this feature as we often need to bring users who do not have a corporate e-mail account at our company's domain (e.g. clients) into our GitLab projects, and so with the current behaviour it's not possible to enable the domain whitelist because we are unable to add more than a single domain to the whitelist.

Intended users

Initially GitLab admins will use this feature, to allow them to specify a list of domains from which users can be added from - the users actual vertical (e.g. Product Manager, Developer) isn't clear to me at this point.

Further details

This minor change makes the domain whitelisting feature more flexible and therefore hopefully more useful to users who work collaboratively with external stakeholders. It also promotes improved security/privacy in that it could help more users lock down their GitLab organisations and prevent them from accidentally granting access to people who should not be given access.

Proposal

It was proposed in #7297 (comment 174792745) that the values in the input could simply be separated by a delimiter (e.g. ; or ,). I'm not sure if you already have a UI pattern for this sort of multi-input so if that's inline with the existing pattern if one exists then fine.

First iteration

A comma separated list of email domains

Screenshot_2019-10-01_at_14.40.52

Second iteration

Implement the GitLab UI "Token Selector" component: #220567 (closed)

Permissions and Security

The permissions required to edit the domain whitelist field should not be changed as part of this proposal.

Documentation

I couldn't find any docs for the existing domain whitelist configuration (but I'm not sure if I was looking in the right place), so that should probably be added and expanded upon for this change.

Testing

TBD

What does success look like, and how can we measure that?

What is the type of buyer?

This is an additional security feature, so should probably belong to Gold/Ultimate.

User reports/requests

  1. https://gitlab.zendesk.com/agent/tickets/133973
  2. https://gitlab.zendesk.com/agent/tickets/134012
  3. https://gitlab.my.salesforce.com/00161000004xUpi

Issue readiness

  • Product: issue description is accurate with an acceptable proposal for an MVC
  • Engineering: issue is implementable with few remaining questions, is sufficiently broken down, and is able to be estimated
Edited Jun 05, 2020 by Peter Hegman
Assignee
Assign to
Time tracking