Add Saml Group Links API support for Member Roles (!138678) · Merge requests · GitLab.org / GitLab

Alex Buijs requested to merge support-member-roles-for-saml-group-link-api into master Dec 04, 2023

What does this MR do and why?

Add SamlGroupLink API support for custom roles.

Exposes and saves a member_role_id to SamlGroupLink.

How to set up and validate locally

Enable Group SAML

gdk config set omniauth.group_saml.enabled true && gdk reconfigure && gdk restart rails-web

Create a group with Ultimate license

Enable the feature flag in the console:

Feature.enable(:custom_roles_for_saml_group_links)

Configure SAML SSO in group settings by adding a bogus IDP.
Go to http://localhost:3000/groups/${group_id}/-/settings/roles_and_permissions and create a custom role with Developer base access

Make API request with your personal access token with api scope:

curl --location --request POST 'http://localhost:3000/api/v4/groups/${group_id}/saml_group_links?saml_group_name=my-group&access_level=30&member_role_id=${member_role_id}' --header 'PRIVATE-TOKEN: ${personal_access_token}'

Verify the response looks like:

{"name":"my-group","access_level":30,"member_role_id":1}

Issue: #417201 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Dec 05, 2023 by Ian Anderson

Add Saml Group Links API support for Member Roles

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports