Enable identity verification for SAML signups
What does this MR do and why?
When signing up through an OmniAuth Provider, send a custom confirmation code instead of a Devise confirmation link and redirect to the identity verification page.
Screenshots or screen recordings
OmniAuth Provider |
identity_verification disabled |
identity_verification enabled |
---|---|---|
Group SAML with JIT* User Provisioning | identity_verification_disabled | identity_verification_enabled |
Group SAML with SCIM User Provisioning | identity_verification_disabled | identity_verification_enabled |
Google OAuth 2.0 | identity_verification_disabled | identity_verification_enabled |
*Using Just-In-Time (JIT) provisioning, user accounts are created when the user first signs in.
How to set up and validate locally
- In rails console enable the
identity_verification
feature flagFeature.enable(:identity_verification)
- Setup Group SAML with SCIM support for Okta and Google OAuth 2.0
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Alex Buijs