Retain group members on GMA conversion
What does this MR do?
This MR adds changes to not remove the group members when a group is converted to a GMA. The reason for this change is that the existing behavior was found to be a destructive action.
It also removes the helper text that says - With group managed accounts enabled, all the users without a group managed account will be excluded from the group.
Improvement to this behavior is noted in a future issue:
Roles and Permissions of Group Members who choose to convert their account to a Group Managed Account remain intact. We could do this by allowing a grace period before removing them from the Group, similarly to how we handle 2FA.
Feature flag
The change is behind the FF gma_member_cleanup
- and is disabled by default. In the event that we may have to re-enable the feature to remove the members, the flag can be enabled.
The flag can be deprecated once we have the grace period logic enabled, as it adds more solidity to the flow.
Mention #214033 (closed)
Screenshots
Behavior of a group member who had authorized via SSO before GMA conversion:
Behavior of a group member who had not authorized via SSO before GMA conversion:
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team