Basic group-level SSO for GitLab.com (SAML)
## Problem

Managing credentials and identities for employees without Single Sign On is a major hassle for enterprise customers. Currently, GitLab.com doesn't allow a group to manage memberships with third-party identity providers - this means each employee/contractor needs to individually register and manage a GitLab.com account, and the group administrator must find and manage their group memberships one-by-one.

## Our approach

We'd like to ship an MVC to GitLab.com that solves this problem for our users. To begin, we are supporting the basics of SAML for GitLab.com groups and iterating. SSO will be a Silver feature of GitLab.com.

Preliminary investigation can be found in https://gitlab.com/gitlab-org/gitlab-ee/issues/4217

## Planned Scope

*Our goal:* Basic setup/login to make sure setup makes sense. Give group owners convenience by adding users to SSO-enabled groups on user login. A group administrator should no longer need to add users from group membership, but they'll be required to manually remove users and manage permissions.

*What this achieves:* Gives users a minimally complete SAML. Adds value for owners, since they won't need to add new members by hand. Allows us to launch a beta and iterate with customers.

More details on the beta program: https://gitlab.com/gitlab-com/sales/issues/227

## Where we go beyond this epic 🚀

We'll let customer feedback begin to influence what we tackle next, but our possible next areas include:

* [Automated member management for owners](https://gitlab.com/groups/gitlab-org/-/epics/95)
* [Improved user controls](https://gitlab.com/groups/gitlab-org/-/epics/96)
* [SSO enforcement](https://gitlab.com/groups/gitlab-org/-/epics/94)
* [Making setup fast and easy](https://gitlab.com/groups/gitlab-org/-/epics/97)

## Other considerations

- [ ] Documentation
epic