SAML Group Link not compatible with some IdPs integrated with Cloudflare Access such as Google Workspace and Okta OIDC


SAML Group Link is not compatible with Cloudflare Access

It looks like our SAML Group Sync cannot work with Cloudflare Access.

Cloudflare Access provides this answer:

<saml2:AttributeValue>
        <name xmlns="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
        Product Team</name>
        <id xmlns="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
        67etxe37842t</id>
        <email xmlns="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
        example@email.com</email>
</saml2:AttributeValue>

When we are expecting

<saml2:AttributeValue>Frontend</saml2:AttributeValue>

<saml2:AttributeValue xmlns="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">gitlab-owners</saml2:AttributeValue>

Would that be something possible to implement?

One Premium customer is requesting this feature: internal link

Edited by 🤖 GitLab Bot 🤖
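The mismatch described above, as an added example of how a service provider could normalise both `AttributeValue` shapes into plain group names. This is not GitLab's or Cloudflare's code; the attribute name `Groups`, the helper names, and the choice to take the nested `name` element as the group name are assumptions, and the sample XML is constructed from the snippets quoted in the issue.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: one Attribute carrying the three value shapes quoted in the issue.
# The attribute name "Groups" is an assumption.
SAMPLE = """\
<saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Name="Groups">
  <saml2:AttributeValue>
    <name xmlns="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
    Product Team</name>
    <id xmlns="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
    67etxe37842t</id>
    <email xmlns="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
    example@email.com</email>
  </saml2:AttributeValue>
  <saml2:AttributeValue>Frontend</saml2:AttributeValue>
  <saml2:AttributeValue xmlns="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">gitlab-owners</saml2:AttributeValue>
</saml2:Attribute>
"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def group_names(xml_text, attribute_name="Groups"):
    """Return group names from plain-text and structured AttributeValue elements.

    Call this only on XML taken from an assertion whose signature has already
    been verified: the returned names drive group membership."""
    root = ET.fromstring(xml_text)
    names = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name", "").lower() != attribute_name.lower():
            continue
        for value in attr.findall(f"{{{SAML_NS}}}AttributeValue"):
            children = list(value)
            if children:
                # Structured shape: use the child whose local name is "name" (assumption).
                text = next(((c.text or "").strip() for c in children if local(c.tag) == "name"), "")
            else:
                text = (value.text or "").strip()
            if text:
                names.append(text)
    return names
```

A structured value with no `name` child yields nothing rather than falling back to `id` or `email`, so an unexpected shape cannot silently map a user into a group.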