
In groups with Enterprise user enabled, owner can search that group enterprise users by private email


Problem

With Direct-transfer placeholder users: list Enterpr... (#510673 - closed), Owners of groups with the Enterprise User feature enabled will see only the Enterprise users of a specific group in the reassignment dropdown in the UI, instead of all users on .com.

This improves user experience already, but searching for a specific user is still not easy, especially if they don't have a public email.

Proposal

Allow Owners of groups with the Enterprise User feature enabled to search the UI drop-down for user contribution reassignment by private email.

They will only be able to search users in their own groups and projects using non-public emails. They will only be able to search for private emails that match the domain the group has verified, and not any other arbitrary private email of an enterprise user.

We want to allow assigning to all members of the top-level group and all its subgroups and projects, in other words, to all enterprise users.

In a way, it brings up the need to set up domain verification, SAML and SCIM (if possible, given their IdP) in the first place, to simplify the user reassignment.

It could help with CSV reassignment as well, where the Owner would be able to specify the email (private) field instead of username or public_email for user matching on the destination.

Technical proposal - needs validation

  • On the UI, we could pass the groupId to the users query to limit the options in the dropdown to members of the top-level group.

  • On the API, we probably need to add some validation to the importSourceUserReassign mutation to make sure that the reassignToUser is a member of the top-level group.

  • Are additional changes needed for CSV reassignments, or is the feature built on top of existing endpoints, so that it will work as expected once the API changes for individual reassignments are implemented?

Security considerations

All MRs should be reviewed by AppSec.

A core part is that this only applies to groups with enterprise users, and is scoped only to searching within those enterprise users.

Edited by 🤖 GitLab Bot 🤖
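
A minimal sketch of the scoping rules proposed above, added here as an illustration; it is not GitLab code. The `User` and `Group` structs, both function names, and the sample data are hypothetical, membership of the top-level group is simplified to a single `enterprise_group_id` attribute, and matching private emails exactly (rather than by substring) is an assumption of this sketch.

```ruby
# Hypothetical in-memory model; not GitLab's schema or API.
User  = Struct.new(:username, :public_email, :private_emails,
                   :enterprise_group_id, keyword_init: true)
Group = Struct.new(:id, :verified_domains, :owner_usernames, keyword_init: true)

# Domain part of a well-formed "local@domain" string, otherwise nil.
def email_domain(email)
  parts = email.to_s.strip.downcase.split('@', -1)
  parts.length == 2 && parts.none?(&:empty?) ? parts[1] : nil
end

# Candidates an actor may see in the reassignment dropdown for `group`.
def search_reassignment_candidates(actor:, group:, users:, query:)
  q = query.to_s.strip.downcase
  return [] if q.empty?

  # Scope first: only this group's enterprise users are ever searchable.
  scoped = users.select { |u| u.enterprise_group_id == group.id }

  # Private-email matching requires an Owner and a query on a verified domain.
  private_ok = group.owner_usernames.include?(actor) &&
               group.verified_domains.include?(email_domain(q))

  scoped.select do |u|
    next true if u.username.downcase.include?(q)
    next true if u.public_email.to_s.downcase == q
    # Exact match only (assumption), so partial queries cannot enumerate addresses.
    private_ok && u.private_emails.any? { |e| e.downcase == q }
  end
end

# Server-side check for the reassign mutation: never trust the dropdown alone.
def valid_reassign_target?(group:, user:)
  user.enterprise_group_id == group.id
end

# Constructed sample data.
ACME  = Group.new(id: 1, verified_domains: ['acme.example'],
                  owner_usernames: ['owner1'])
ALICE = User.new(username: 'alice', public_email: nil, enterprise_group_id: 1,
                 private_emails: ['alice@acme.example', 'alice@home.example'])
BOB   = User.new(username: 'bob', public_email: 'bob@pub.example',
                 enterprise_group_id: 2, private_emails: ['bob@acme.example'])
USERS = [ALICE, BOB].freeze
```
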