Skip to content

Add Group level SAML callback for GitLab.com SSO

James Edwards-Jones requested to merge jej/group-saml-callback-flow into master

What

Gives users access to a group when they sign in with Group level SAML SSO.

This MR focuses on the callback flow, with SAML authentication/validation being processed by the GroupSaml Omniauth middleware. We link a user's Identity to the SamlProvider and add them as members of the group.

Extracted from https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/4076

Why

Group level SAML SSO on GitLab.com will minimize the administrative burden of adding users to groups manually. See &40 (closed)

Does this MR meet the acceptance criteria?

  • Changelog entry added, if necessary
  • Documentation created/updated
  • Tests added for this feature/bug
  • Review
    • Has been reviewed by UX
    • Has been reviewed by Backend
  • EE specific content should be in the top level /ee folder
  • Internationalization required/considered
  • If paid feature, have we considered GitLab.com plan and how it works for groups and is there a design for promoting it to users who aren't on the correct plan
  • End-to-end tests pass (package-qa manual pipeline job)

What are the relevant issue numbers?

Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/4514

Edited by James Edwards-Jones

Merge request reports