'New user' flow for SSOing into a GitLab.com group [UX]
UX for https://gitlab.com/gitlab-org/gitlab-ee/issues/5292
Overview
To support a new user flow after a user successfully SSOs, we need to consider and support a scenario where a user:
- Does not have a pre-existing user account on the instance, and/or
- The connected group enforcing SSO is requiring dedicated credentials, and the user must register a user account specifically for that group.
The main requirement here is a new treatment for the sign-in/registration page; see GitHub's reference image below. The user should understand:
- That their SSO attempt was successful (they were authenticated from the connected identity provider)
- Why they're being asked to create an account
- That their new account will be used to access a specific group
- That after registration, they'll be redirected to whatever resource they were requesting.
References
Solution
- Group managed account
- Linked (after SSO, straight to group-restricted source)
- Not linked (after SSO, user needs to register)
- Not linked, signed in (after SSO, user confirms sign out, then creates a new account)
- No group managed account
- no existing GitLab.com account linked, signed in (user chooses an account to link)
- no existing GitLab.com account linked, not signed in (the user needs to sign in or register)
- existing GitLab.com account linked
Edited by Matej Latin