Group Level Audit Logging shows incorrect IP address when SAML actions affect user permissions
There was an issue on GitLab.com where a customer had SAML revoke access to their group, and the Audit Log showed the IP address of every user removing themselves from the group vs. the IP address of the SAML server. I'm not sure if this is expected behavior, but it made for harder debugging.
If Support Engineers (or self-managed admins) saw that all of the actions came from the same IP, it would have cut debugging time down dramatically, but we had to prove it through looking at the requests in Kibana.