15.5 Planning for Manage::Authentication and Authorization

15.5 Milestone: 2022-09-18 to 2022-10-17

%15.4 Planning issue: #17550 (closed)

Boards

Capacity

Preliminary capacity

| Team | Weight |
|---|---|
| frontend | w6 |
| backend | w32 |

Capacity Goals

60% type::feature, 10% type::maintenance, 30% type::bug

Objectives & Themes

Security Issue Summary

Product prioritized type::feature list

  1. New feature work - FY23:ROADMAP items, direction items

Quality prioritized type::bug list

  1. https://gitlab.com/gitlab-org/gitlab/-/issues/368416+ (W3, priority::3, severity::3, security, bug::vulnerability)
  2. GitLab.com Group access tokens continue working... (gitlab-org/gitlab#367740 - closed) (W?, priority::3, severity::3, security, bug::vulnerability)
  3. Automatic Logouts Are Too Frequent (gitlab-org/gitlab#121569 - closed) (W3, priority::2, severity::2, SUS::Impacting, customer)
  4. New PAT creation corrupts the page (gitlab-org/gitlab#373228 - closed) (W?, priority::2, severity::3)
  5. Error when removing user's SCIM ID via API (gitlab-org/gitlab#368031 - closed) (W2, priority::2, severity::2, customer)
  6. Cannot access Admin/credentials Project Access ... (gitlab-org/gitlab#354489 - closed) (W2, priority::2, severity::2, customer)
  7. Group owner cannot remove their group from a pr... (gitlab-org/gitlab#251137 - closed) (W3, priority::2, severity::2, SUS::Impacting, customer)
  8. Self-managed SAML - bypass 2 factor authenticat... (gitlab-org/gitlab#196131 - closed) (W3, priority::4, severity::4, SUS::Impacting)
  9. Admins should be blocked from impersonating exp... (gitlab-org/gitlab#332667 - closed) (W2, priority::2, severity::2, customer, SUS::Impacting)
  10. Cannot access Admin/credentials Project Access ... (gitlab-org/gitlab#354489 - closed) (W2, priority::2, severity::2, customer)
  11. Overriding LDAP permissions no longer possible (gitlab-org/gitlab#337539 - closed) (W3, priority::2, severity::2, customer)

Engineering prioritized type::maintenance list

See the maintenance list; items are prioritized from top to bottom.

For consideration

Slipped %15.4

Release Post Items

| Status | Issue | Release Post MR |
|---|---|---|
| Blocked, moved to %15.6 | Prevent users from choosing weak passwords (gitlab-org/gitlab#23610 - closed) | MR |
| Merged | Allow group owners to update group members' SAM... (gitlab-org/gitlab#227841 - closed) | MR |
| Merged | Support delivery of emails using Microsoft Grap... (gitlab-org&8259 - closed) | MR |
| Merged | Email the user when their two-factor OTP attemp... (gitlab-org/gitlab#374740 - closed) | MR |
| Merged | Transparent SSO enforcement for group members o... (gitlab-org/gitlab#215155 - closed) | MR |
| Merged | Add 'commit email' user attribute to the API mo... (gitlab-org/gitlab#375148 - closed) | MR |
| Merged | Add new filters to private access token API (gitlab-org/gitlab#362248 - closed) | MR |
| Not started, issue will slip | Allow group owners to disable 2FA for individua... (gitlab-org/gitlab#372401 - closed) | MR |
| RP drafted but issue Not started, issue will slip | Enterprise Users - MVC: Automatic Claim of exis... (gitlab-org/gitlab#322039 - closed) | MR |

Other

Edited by Hannah Sutor