Group SSO Enforcement prevents non-SSO users being added to the group

What

Require users to have a linked identity for a group's SSO service in order to be added to a group that enforces SSO.

Why

Organizations want more control over who is added to groups and how they authenticate. Requiring use of their specific SSO service to become a member of the group protections against accidentally adding the wrong user.

Related

Part of https://gitlab.com/gitlab-org/gitlab-ee/issues/9255 via https://gitlab.com/gitlab-org/gitlab-ee/issues/5291#note_130831899