Permit multiple email addresses during user provisioning via SCIM
Release notes
With this update, it is possible to specify one or more additional email addresses for automatic association with an account at the time that account is provisioned via SCIM. It is no longer necessary for this to be done after the account has been created.
Problem to solve
Today, we use emails[type eq "work"].value
as the email address when provisioning a user via SCIM.
In SCIM, emails
is a multi-value attribute. Users may have one or more additional email addresses. Today, they have to add those addresses manually after their account is provisioned via SCIM.
Proposal
Adjust the way GitLab handle SCIM provisioning to consume all email addresses associated with a user.
I believe that there are two cases to cover:
In addition to adding the primary email address with a type
of work
, also add:
- Multiple emails where the
type
iswork
(and only one if the primary) - Multiple emails where the
type
is notwork
📚 Info/Resources
- RFC7644: System for Cross-domain Identity Management: Protocol
The SCIM API accepts a field called emails
and describes it as Work email
.
- We should also clarify whether multiple email addresses are accepted by this system-only endpoint.
Intended users
- Cameron (Compliance Manager)
- Delaney (Development Team Lead)
- Sidney (Systems Administrator)
- Alex (Security Operations Engineer)
Feature Usage Metrics
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.