SSO enforcement shouldn't require SSO for non-members and public groups

What does this MR do and why?

Resolves #386920 (closed)

Read #386920 (comment 1346207963)

This MR follows the same approach for SSO enforcement policy definition for groups as for projects, see !118562 (merged)

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.

assigned to @bdenkovych

changed milestone to %16.0

added Deliverable FCL-8659 SLOMissed Support Interest corrective action customer devopsmanage groupauthentication and authorization [DEPRECATED] priority2 reproduced on GitLab.com saml sectiondev severity2 typebug workflowin dev labels

removed Deliverable label

removed workflowin dev label

added backend label

	2 Warnings
	Most of the time, merge requests should target master. Otherwise, please set the relevant Pick into X.Y label.
	Please add a merge request subtype to this merge request.

Reviewer roulette

Changes that require review have been detected!

Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:

Category	Reviewer	Maintainer
backend	Zamir Martins Filho (@zmartins) (UTC+0, 3 hours behind @bdenkovych)	Tetiana Chupryna (@brytannia) (UTC+2, 1 hour behind @bdenkovych)

To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.

To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.

Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.

If needed, you can retry the danger-review job that generated this comment.

Generated by Danger

changed the description

marked the checklist item I have evaluated the MR acceptance checklist for this MR. as completed

changed title from Draft: SSO Enforcement shouldn't require SSO for non-members of public groups to Draft: SSO nforcement shouldn't require SSO for non-members of public groups

changed title from Draft: SSO nforcement shouldn't require SSO for non-members of public groups to Draft: SSO enforcement shouldn't require SSO for non-members of public groups

mentioned in merge request !118562 (merged)

added 1 commit

• 7ab63eac - SSO enforcement shouldn't require SSO for non-members of public groups

Compare with previous version

added 1 commit

• 1803a1ca - SSO enforcement shouldn't require SSO for non-members of public groups

Compare with previous version

removed SLOMissed label

@bdenkovych, please can you answer the question: Should this have a feature flag? to help with code review for the Authentication and Authorization group.

This nudge was added by this triage-ops policy.

mentioned in merge request !118400 (merged)

deleted the bdenkovych-issue-405021-part-4 branch. This merge request now targets the master branch

Reviewer roulette

Changes that require review have been detected!

Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:

Category	Reviewer	Maintainer
backend	Joseph Joshua (@joseph) (UTC+0, 3 hours behind @bdenkovych)	Allen Cook (@acook.gitlab) (UTC-4, 7 hours behind @bdenkovych)

To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.

To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.

Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.

If needed, you can retry the danger-review job that generated this comment.

Generated by Danger

added 1 commit

• 74485db1 - SSO enforcement shouldn't require SSO for non-members of public groups

Compare with previous version

added 2569 commits

• 74485db1...9eb3f6e0 - 2568 commits from branch master
• c7846c5f - SSO enforcement shouldn't require SSO to access public groups for non-members

Compare with previous version

marked this merge request as ready

changed title from Draft: SSO enforcement shouldn't require SSO for non-members of public groups to SSO enforcement shouldn't require SSO to access public groups for non-members

@dblessing Could you please review this MR for ~"group::authentication and authorization"?

requested review from @dblessing

added 1 commit

• e1e47642 - SSO enforcement shouldn't require SSO for non-members on public groups

Compare with previous version

added 1 commit

• f251c7bf - SSO enforcement shouldn't require SSO for non-members and public groups

Compare with previous version

changed title from SSO enforcement shouldn't require SSO to access public groups for non-members to SSO enforcement shouldn't require SSO for non-members and public groups

approved this merge request

@dblessing, thanks for approving this merge request.

This is the first time the merge request is approved. To ensure full test coverage, a new pipeline will be started shortly.

For more info, please refer to the following links:

• rspec predictive jobs
• jest predictive jobs
• merging a merge request.

added pipeline:mr-approved label

requested review from @brytannia and removed review request for @dblessing

mentioned in merge request !120105 (merged)

added bugfunctional label

approved this merge request

resolved all threads

enabled an automatic merge when the pipeline for b6c3f802 succeeds

merged

mentioned in issue #386920 (closed)

mentioned in commit 9b6f1575

mentioned in issue #410421 (closed)

mentioned in merge request !120231 (merged)

Allure report

allure-report-publisher generated test report!

e2e-package-and-test: test report for f251c7bf

expand test summary

+----------------------------------------------------------------+
|                         suites summary                         |
+-----------+--------+--------+---------+-------+-------+--------+
|           | passed | failed | skipped | flaky | total | result |
+-----------+--------+--------+---------+-------+-------+--------+
| Manage    | 217    | 2      | 15      | 42    | 234   | ❌     |
| Create    | 0      | 0      | 25      | 0     | 25    | ➖     |
| Configure | 1      | 0      | 0       | 0     | 1     | ✅     |
+-----------+--------+--------+---------+-------+-------+--------+
| Total     | 218    | 2      | 40      | 42    | 260   | ❌     |
+-----------+--------+--------+---------+-------+-------+--------+

added workflowstaging-canary label

added workflowcanary label and removed workflowstaging-canary label

added workflowstaging label and removed workflowcanary label

added workflowproduction label and removed workflowstaging label

added workflowpost-deploy-db-staging label and removed workflowproduction label

added workflowpost-deploy-db-production label and removed workflowpost-deploy-db-staging label

added releasedcandidate label

mentioned in merge request kubitus-project/kubitus-installer!2145 (merged)