List connected group SAML identities for SAML SSO
Problem
On a self-managed GitLab instance, an admin user can access the /admin/users panel to edit and remove user identities through the UI (identity information is also accessible through the API). An example of this view:
However, for GitLab.com group Owners, this identity information isn't available - making configuration and troubleshooting hard. Since users on GitLab.com are attributed to the instance, it might not make sense to give a group Owner unrestricted access to all of a user's identities - but we should allow the Owner to manage all of the identities associated with that SAML provider.
Proposal
In the SAML SSO configuration panel, list the members with an identity matching the configured SAML provider for the group.
List the identity information for each user with the extern_uid.
Mock
- "Remove" button is out of scope.
Next iteration
- In the next iteration, only allow an Owner to REMOVE the associated identity for a user.
- On clicking Remove, present a banner to the user confirming that the user's identity was removed.
- Add editing in a future iteration, #35310
Details
We currently store SAML provider identities on the user like so:
"identities": [
{"provider": "group_saml", "extern_uid": "123789", "saml_provider_id": 10}
]
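An added example (not GitLab's implementation) of the scoping the proposal describes: given user records in the storage shape shown above, return only the identities tied to one group's SAML provider, so an Owner never sees a user's other identities. The helper name, the usernames and every value other than the first identity are constructed for illustration.

```ruby
require 'json'

# Constructed sample data in the shape shown above. Usernames, the "github"
# identity and all ids except the first entry are made up for illustration.
SAMPLE_USERS = JSON.parse(<<~JSON)
  [
    {"username": "alice", "identities": [
      {"provider": "group_saml", "extern_uid": "123789", "saml_provider_id": 10},
      {"provider": "github", "extern_uid": "gh-555", "saml_provider_id": null}
    ]},
    {"username": "bob", "identities": [
      {"provider": "group_saml", "extern_uid": "bob@other.example", "saml_provider_id": 22}
    ]},
    {"username": "carol", "identities": []},
    {"username": "dave"}
  ]
JSON

# Hypothetical helper: returns one row per user who has an identity for the
# given group SAML provider, exposing only the username and extern_uid.
# Identities for other providers, or for other groups' SAML providers, are
# never included in the result.
def saml_identities_for_group(users, saml_provider_id)
  users.flat_map do |user|
    Array(user['identities'])
      .select { |i| i['provider'] == 'group_saml' && i['saml_provider_id'] == saml_provider_id }
      .map { |i| { 'username' => user['username'], 'extern_uid' => i['extern_uid'] } }
  end
end

if __FILE__ == $PROGRAM_NAME
  saml_identities_for_group(SAMPLE_USERS, 10).each do |row|
    puts "#{row['username']}\t#{row['extern_uid']}"
  end
end
```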

