Skip to content

Transparent Group SSO Enforcement

Drew Blessing requested to merge dblessing_transparent_sso into master

What does this MR do and why?

Describe in detail what your merge request does and why.

Resolves Transparent SSO enforcement for group members o... (#215155 - closed)

When a group has SAML SSO enabled, but not enforced, this change ensures that any user who has an existing Group SAML identity will have their SSO session enforced. The advantage to this is heightened security for those users that do have an SSO identity (and by proxy, an SSO account) while still allowing non-SSO users to access the groups/projects (contractor/members, or for public groups or projects, non-members).

This feature is behind a default-disabled feature flag transparent_sso_enforcement.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

TransparentSSO

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

This would be fairly involved to setup locally which is why I provided the screen recording above.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Hannah Sutor

Merge request reports

Loading