Transparent Group SSO Enforcement
What does this MR do and why?
Describe in detail what your merge request does and why.
Resolves Transparent SSO enforcement for group members o... (#215155 - closed)
When a group has SAML SSO enabled, but not enforced, this change ensures that any user who has an existing Group SAML identity will have their SSO session enforced. The advantage to this is heightened security for those users that do have an SSO identity (and by proxy, an SSO account) while still allowing non-SSO users to access the groups/projects (contractor/members, or for public groups or projects, non-members).
This feature is behind a default-disabled feature flag transparent_sso_enforcement
.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
This would be fairly involved to setup locally which is why I provided the screen recording above.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.