Retain group members on GMA conversion

Aishwarya Subramanian requested to merge gma-member-retain into master

What does this MR do?

This MR adds changes to not remove the group members when a group is converted to a GMA. The reason for this change is that the existing behavior was found to be a destructive action.

It also removes the helper text that says: "With group managed accounts enabled, all the users without a group managed account will be excluded from the group."

Improvement to this behavior is noted in a future issue:

Roles and Permissions of Group Members who choose to convert their account to a Group Managed Account remain intact. We could do this by allowing a grace period before removing them from the Group, similarly to how we handle 2FA.

Feature flag

The change is behind the FF gma_member_cleanup and is disabled by default. In the event that we may have to re-enable the feature to remove the members, the flag can be enabled.

The flag can be deprecated once we have the grace period logic enabled, as it adds more solidity to the flow.

Mention #214033 (closed)

Screenshots

Behavior of a group member who had authorized via SSO before GMA conversion:

SSO_authorized

Behavior of a group member who had not authorized via SSO before GMA conversion:

SSO_not_authorized

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by 🤖 GitLab Bot 🤖