Group-level audit events for SAML SSO login activity
Problem
Understanding access activity is one of the most fundamental audit events when investigating a security event. Currently, we track sign in events at the instance level, which doesn't do much good for users on GitLab.com.
Proposal
- When a user logs into a group using SAML SSO, log a group-level audit event. This event should include device, browser, and IP address.
Edited by Jeremy Watson (ex-GitLab)