Remove connected user identities for SAML SSO
After being able to list relevant user identities in #35308 (closed), we should give a group Owner the ability to remove them in order to troubleshoot SSO connection problems.
Introduce a "Remove" button next to user identities associated with the relevant SSO provider.
- Show a confirmation dialog on clicking "Remove".
For the first iteration, do not present this removal option for Owners.
Add a icon to remove on the far right column of the identities table. Use the same iconography we use in the Members table:
Present a confirmation prompt after clicking to remove.
- Do we expect removal to remove both the identity link and user membership? Should an owner be able to remove their own identity, would that keep memberhsip for the last owner of a group, and how would that work if enforcement is enabled?
- How do we anticipate this working with Group Managed Accounts? Does the account get closed? How do we communicate that in the UI?
- If this is on a new page/tab/expandable-section how should we present that or link to it? Need input from UX and frontend
- Will group owners know that removing an identity is the path to allowing a user to sign in again?
- If SCIM has created duplicate accounts due to email mismatch, will this leave behind orphan accounts that can't be signed into? These could prevent new accounts being created if the primary email then remains taken. Would we need to relax our support policies to allow these accounts to be removed more easily without proving ownership per user?
- Does this duplicate functionality from the Members page? Would editing make more sense here if membership can already be removed there? Should the editing functionality be provided from that page?
- Do we need to guard against accidental removals if this removes membership as well as the identity? The instance wide version has less impact because it only removed the identity.
Availability & Testing
This feature appears to be low risk in terms of GitLab.com availability. Appropriate tests at unit and feature level should be added. No end-to-end tests needed.