SSO enforcement for Git/API Access

What does this MR do?

Implements SSO enforcement for non-web requests.

Prevents Git/API access unless the user has a browser session active where the group's SAML provider was used to sign in.

Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/9152

Why

Organizations want to be sure that the user has used their sign-in system, and not bypassed it by using their global GitLab password.

Acceptance criteria

Edited by Liam McAndrew
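
The check this merge request describes, sketched as an added Ruby example; it is not code from the merge request or from GitLab. The struct, class and method names and the session data are hypothetical and constructed, and it assumes active browser sessions can be looked up by user, since a Git or API request carries no session cookie of its own.

```ruby
# Added illustration; every class and method name here is hypothetical,
# not GitLab's implementation.
require 'set'

# One browser session: records which SAML providers were used to sign in.
BrowserSession = Struct.new(:user_id, :saml_provider_ids, :expires_at) do
  def active?(now)
    expires_at > now
  end
end

Group = Struct.new(:name, :saml_provider_id, :enforced_sso)

class SsoEnforcer
  def initialize(sessions)
    # Index sessions by user: Git/API requests carry no session cookie,
    # so the check starts from the authenticated user instead.
    @by_user = sessions.group_by(&:user_id)
  end

  # True when a non-web (Git/API) request by user_id may reach group.
  def allow_non_web?(user_id, group, now: Time.now)
    return true unless group.enforced_sso

    @by_user.fetch(user_id, []).any? do |s|
      s.active?(now) && s.saml_provider_ids.include?(group.saml_provider_id)
    end
  end
end

# Constructed sample data.
NOW = Time.at(1_700_000_000)
SESSIONS = [
  BrowserSession.new(1, Set[10], NOW + 3600), # user 1: signed in via provider 10
  BrowserSession.new(2, Set[],   NOW + 3600), # user 2: password sign-in only
  BrowserSession.new(3, Set[10], NOW - 60)    # user 3: SAML session has expired
]
ACME = Group.new('acme', 10, true)   # SSO enforced
OPEN = Group.new('open', nil, false) # no enforcement
ENFORCER = SsoEnforcer.new(SESSIONS)

# Decision per user for a Git/API request to the enforced group.
def decisions
  [1, 2, 3, 4].map { |uid| [uid, ENFORCER.allow_non_web?(uid, ACME, now: NOW)] }.to_h
end
```

Only user 1 is allowed: a password-only session, an expired SAML session and a user with no session at all are each refused, which is the bypass the "Why" section is concerned with.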