Allow creating a group access token for a group with SSO enforcement
What does this MR do and why?
For each project access token created, a project bot user is created and added to the project
GitLab docs explain how to create a group access token manually. https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#group-access-token-workaround
If a project is under the group that has SSO enforcement enabled, it won't allow to add a user not linked to the SAML account as a member of this project. It didn't allow to create project access token for a project under SSO enforcement since project bot users are not supposed to be linked SAML account. It was fixed in f9df9d2f
I noticed that we have the same issue on creating group access token. https://app.slack.com/client/T02592416/CLM1D8QR0
This change makes it possible to create group access token for a group that has SSO enforcement enabled.
Changelog: fixed
EE: true
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
- Enforce SSO authentication for your group: https://docs.gitlab.com/ee/user/group/saml_sso/#configuring-gitlab
- Create a group access token: https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#create-a-group-access-token
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.