Implement an exception list to bypass SAML SSO Enforcement
Problem to solve
SAML SSO enforcement prevents users from accessing a GitLab group without first going through the Identity Provider (IDP) such as Okta, Azure, etc. for authentication. Currently, only Group Owners can bypass this enforcement by default.
There can be situations in which a Group owner needs to share information (sub-groups/projects) with people external to their organization. Since these external people do not belong to the organization, they are not members of its IDP and therefore have no SAML identity that allows them to access the group. There is currently no way to bypass SAML SSO enforcement for specific users/domains other than giving them the Owner role, which is usually not desired.
Proposal
Implement a way for Group owners to explicitly bypass SAML SSO Enforcement for specific users. We could filter, for example, on:
- Full email address for granular control.
- Partial email addresses to allow an entire domain (ex. @domain.com)
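An added sketch of how the two filter types above could be matched (not GitLab code; the class, method and constant names are hypothetical). It assumes the caller knows whether the user's address has been verified, and it compares whole addresses and whole domains so that look-alike domains do not match.

```ruby
# Added sketch; class and method names are hypothetical, not GitLab APIs.
class SsoBypassAllowlist
  LABEL = /[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/
  DOMAIN_RE = /\A#{LABEL}(?:\.#{LABEL})+\z/

  # entries: "user@domain" for one person, "@domain" for a whole domain.
  def initialize(entries)
    @emails = []
    @domains = []
    entries.each do |raw|
      entry = raw.strip.downcase
      if entry.start_with?('@')
        domain = entry[1..-1]
        raise ArgumentError, "invalid domain entry: #{raw}" unless DOMAIN_RE.match?(domain)
        @domains << domain
      else
        parts = split_address(entry)
        raise ArgumentError, "invalid email entry: #{raw}" unless parts
        @emails << parts.join('@')
      end
    end
  end

  # Only a verified address may bypass: an unconfirmed, self-asserted
  # address at an allowed domain proves nothing about the user.
  def bypass?(email, verified:)
    return false unless verified
    parts = split_address(email.to_s.strip.downcase)
    return false unless parts
    # Exact comparison of the whole address or the whole domain; no
    # substring or suffix test, and subdomains are not implied.
    @emails.include?(parts.join('@')) || @domains.include?(parts[1])
  end

  private

  # Returns [local, domain], or nil unless there is exactly one "@".
  def split_address(addr)
    return nil unless addr.count('@') == 1
    local, domain = addr.split('@', 2)
    return nil if local.empty? || !DOMAIN_RE.match?(domain)
    [local, domain]
  end
end

# Constructed sample entries (reserved .example names).
SAMPLE_ALLOWLIST = SsoBypassAllowlist.new(['Contractor@Partner.example', '@vendor.example'])
```

An entry without an "@" is rejected when the list is built, so a bare domain cannot be mistaken for a full address.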
Intended users
Group owners are the main target of this feature request.