SSO enforcement for Git/API Access
What does this MR do?
Implements SSO enforcement for non-web requests.
Prevents Git/API access unless the user has a browser session active where the group's SAML provider was used to sign in
Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/9152
Why
Organizations want to be sure that the user has used their sign in system, and not bypassed it by using their global GitLab password.
Acceptance criteria
Edited by Liam McAndrew