Resolve "Allow setting a default role for Group SSO"
What does this MR do?
For #214523 (closed)
- This change adds the ability to set a "Default membership role" when setting up a group SAML provider. If not selected, the default value is always "Guest"
- The selected role is saved in the
default_memebership_rolecolumn insaml_providerstable. - Whenever a new user is added to the group via Group SSO or via SCIM provisioning, the role set up in the step above will be set as the access level of the newly added user in the group.
Setup
To setup SAML in local development for testing/development please follow this guide.
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec -
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Edited by Manoj M J