Once we have SAML SSO in a [stable and generally available state](https://gitlab.com/groups/gitlab-org/-/epics/1785), we should continue to iterate on the capabilities of the feature. Specifically, we should extend SSO enforcement to comprehensively cover user activity and introduce automated permissions management based on the assertion we receive from the configured identity provider (similar to LDAP group sync).