Skip to content

Update user attributes for Group SAML enterprise users

Drew Blessing requested to merge dblessing_sso_update_enterprise_users into master

What does this MR do and why?

Implements #321940 (closed)

GitLab currently supports 'syncing' user attributes such as project_limit and can_create_groups from Group SAML on user creation. With this change, enterprise/provisioned users will also have these attributes updated on subsequent sign-ins.

How to set up and validate locally

  1. Requires Group SAML to be configured and for the SAML IdP to send attributes such as can_create_groups and/or projects_limit.
  2. Sign-in as either a new or existing provisioned SAML user.
  3. Observe that can_create_groups and/or projects_limit are set as prescribed by the IdP.

Video showing behavior

The first clip shows the values set for a new user. The second shows the same user's values updated.

New_User

Existing_User

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Drew Blessing

Merge request reports

Loading