Follow-up from "Disable password authentication for SSO users"
The following discussions from !168111 (merged) should be addressed:
@atevans started a discussion:
question (non-blocking): Since these shared examples are only used in user_spec, should we define them there rather than in a separate file? OTOH user_spec is almost over nine thousand LoC, so maybe a separate file is best.
@bdenkovych started a discussion:
Suggestion (non-blocking):
Even when password authentication is enabled, it may be desirable to restrict SSO users' ability to use their username and password to authenticate. Select **Disable password authentication for users with an SSO identity** to disable password authentication for users with an SSO identity.
Instead, these users can do either of the following:
- Use an SSO identity to authenticate with GitLab web UI.
- Use a personal access token to authenticate with GitLab API and Git using HTTP Basic Authentication, [unless personal access token use is disabled](../../user/profile/personal_access_tokens.md#disable-personal-access-tokens).
@bdenkovych started a discussion: (+1 comment)
Question: I see that !40176 (merged) added the atlassian_identities table, and users could have an atlassian_identity. This atlassian_identity is not related to atlassian-SSO, correct?
@bdenkovych started a discussion: (+1 comment)
Question: An admin could enable or disable sign-in with an OmniAuth provider. I am wondering whether we should consider that setting while disabling password authentication for users?
@bdenkovych started a discussion:
This spec should be in CE since it is a GitLab Free feature.