Option to auto-add SCIM identity when an account is provisioned by SAML sign in

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Proposal

There are cases where a customer can only use their identity Provider's SCIM protocol to deactivate users (but cannot provision or update).

The SCIM identity is only created when the Gitlab account is SCIM provisioned, and some scenarios do not allow using SCIM to update users.

We say that the SCIM and SAML identities must be the same so we could have an configuration option that copies the SCIM identity from the SAML identity when the GitLab account is just-in-time provisioned by SAML.

Alternatives

The only other viable alternative (that I can see) is for affected customers to create their own script using the internal SCIM API to add SCIM identities to all users on a scheduled basis.

The modify users API does not allow for creating a SCIM identity.