info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
---
# LDAP Rake tasks **(CORE ONLY)**
# LDAP Rake tasks **(FREE SELF)**
The following are LDAP-related Rake tasks.
The following are LDAP-related Rake tasks.
...
@@ -34,7 +34,7 @@ limit by passing a number to the check task:
...
@@ -34,7 +34,7 @@ limit by passing a number to the check task:
rake gitlab:ldap:check[50]
rake gitlab:ldap:check[50]
```
```
## Run a group sync **(STARTER ONLY)**
## Run a group sync **(PREMIUM SELF)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/14735) in [GitLab Starter](https://about.gitlab.com/pricing/) 12.2.
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/14735) in [GitLab Starter](https://about.gitlab.com/pricing/) 12.2.
| `request_access_enabled` | boolean | no | Allow users to request member access. |
| `request_access_enabled` | boolean | no | Allow users to request member access. |
| `parent_id` | integer | no | The parent group ID for creating nested group. |
| `parent_id` | integer | no | The parent group ID for creating nested group. |
| `default_branch_protection` | integer | no | See [Options for `default_branch_protection`](#options-for-default_branch_protection). Default to the global level default branch protection setting. |
| `default_branch_protection` | integer | no | See [Options for `default_branch_protection`](#options-for-default_branch_protection). Default to the global level default branch protection setting. |
| `shared_runners_minutes_limit` | integer | no | **(STARTER ONLY)** Pipeline minutes quota for this group (included in plan). Can be `nil` (default; inherit system default), `0` (unlimited) or `> 0` |
| `shared_runners_minutes_limit` | integer | no | **(PREMIUM SELF)** Pipeline minutes quota for this group (included in plan). Can be `nil` (default; inherit system default), `0` (unlimited) or `> 0` |
| `extra_shared_runners_minutes_limit` | integer | no | **(STARTER ONLY)** Extra pipeline minutes quota for this group (purchased in addition to the minutes included in the plan). |
| `extra_shared_runners_minutes_limit` | integer | no | **(PREMIUM SELF)** Extra pipeline minutes quota for this group (purchased in addition to the minutes included in the plan). |
### Options for `default_branch_protection`
### Options for `default_branch_protection`
...
@@ -838,8 +838,8 @@ PUT /groups/:id
...
@@ -838,8 +838,8 @@ PUT /groups/:id
| `request_access_enabled` | boolean | no | Allow users to request member access. |
| `request_access_enabled` | boolean | no | Allow users to request member access. |
| `default_branch_protection` | integer | no | See [Options for `default_branch_protection`](#options-for-default_branch_protection). |
| `default_branch_protection` | integer | no | See [Options for `default_branch_protection`](#options-for-default_branch_protection). |
| `file_template_project_id` | integer | no | **(PREMIUM)** The ID of a project to load custom file templates from. |
| `file_template_project_id` | integer | no | **(PREMIUM)** The ID of a project to load custom file templates from. |
| `shared_runners_minutes_limit` | integer | no | **(STARTER ONLY)** Pipeline minutes quota for this group (included in plan). Can be `nil` (default; inherit system default), `0` (unlimited) or `> 0` |
| `shared_runners_minutes_limit` | integer | no | **(PREMIUM SELF)** Pipeline minutes quota for this group (included in plan). Can be `nil` (default; inherit system default), `0` (unlimited) or `> 0` |
| `extra_shared_runners_minutes_limit` | integer | no | **(STARTER ONLY)** Extra pipeline minutes quota for this group (purchased in addition to the minutes included in the plan). |
| `extra_shared_runners_minutes_limit` | integer | no | **(PREMIUM SELF)** Extra pipeline minutes quota for this group (purchased in addition to the minutes included in the plan). |
| `prevent_forking_outside_group` | boolean | no | **(PREMIUM)** When enabled, users can **not** fork projects from this group to external namespaces
| `prevent_forking_outside_group` | boolean | no | **(PREMIUM)** When enabled, users can **not** fork projects from this group to external namespaces
| `shared_runners_setting` | string | no | See [Options for `shared_runners_setting`](#options-for-shared_runners_setting). Enable or disable shared runners for a group's subgroups and projects. |
| `shared_runners_setting` | string | no | See [Options for `shared_runners_setting`](#options-for-shared_runners_setting). Enable or disable shared runners for a group's subgroups and projects. |
info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
---
# SAML OmniAuth Provider **(CORE ONLY)**
# SAML OmniAuth Provider **(FREE SELF)**
This page describes instance-wide SAML for self-managed GitLab instances. For SAML on GitLab.com, see [SAML SSO for GitLab.com groups](../user/group/saml_sso/index.md).
This page describes instance-wide SAML for self-managed GitLab instances. For SAML on GitLab.com, see [SAML SSO for GitLab.com groups](../user/group/saml_sso/index.md).
...
@@ -187,7 +187,7 @@ The name of the attribute can be anything you like, but it must contain the grou
...
@@ -187,7 +187,7 @@ The name of the attribute can be anything you like, but it must contain the grou
to which a user belongs. In order to tell GitLab where to find these groups, you need
to which a user belongs. In order to tell GitLab where to find these groups, you need
to add a `groups_attribute:` element to your SAML settings.
to add a `groups_attribute:` element to your SAML settings.
### Required groups **(STARTER ONLY)**
### Required groups **(PREMIUM SELF)**
Your IdP passes Group Information to the SP (GitLab) in the SAML Response. You need to configure GitLab to identify:
Your IdP passes Group Information to the SP (GitLab) in the SAML Response. You need to configure GitLab to identify:
...
@@ -213,7 +213,7 @@ Example:
...
@@ -213,7 +213,7 @@ Example:
}}
}}
```
```
### External Groups **(STARTER ONLY)**
### External groups **(PREMIUM SELF)**
SAML login supports automatic identification on whether a user should be considered an [external](../user/permissions.md) user. This is based on the user's group membership in the SAML identity provider.
SAML login supports automatic identification on whether a user should be considered an [external](../user/permissions.md) user. This is based on the user's group membership in the SAML identity provider.
...
@@ -231,7 +231,7 @@ SAML login supports automatic identification on whether a user should be conside
...
@@ -231,7 +231,7 @@ SAML login supports automatic identification on whether a user should be conside
}}
}}
```
```
### Admin Groups **(STARTER ONLY)**
### Admin groups **(PREMIUM SELF)**
The requirements are the same as the previous settings, your IdP needs to pass Group information to GitLab, you need to tell
The requirements are the same as the previous settings, your IdP needs to pass Group information to GitLab, you need to tell
GitLab where to look for the groups in the SAML response, and which group(s) should be
GitLab where to look for the groups in the SAML response, and which group(s) should be
...
@@ -251,7 +251,7 @@ considered admin users.
...
@@ -251,7 +251,7 @@ considered admin users.
}}
}}
```
```
### Auditor Groups **(STARTER ONLY)**
### Auditor groups **(PREMIUM SELF)**
> Introduced in [GitLab Starter](https://about.gitlab.com/pricing/) 11.4.
> Introduced in [GitLab Starter](https://about.gitlab.com/pricing/) 11.4.
@@ -327,7 +327,7 @@ A group's **Details** page includes tabs for:
...
@@ -327,7 +327,7 @@ A group's **Details** page includes tabs for:
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207164) in GitLab [Starter](https://about.gitlab.com/pricing/) 12.10 as
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207164) in GitLab [Starter](https://about.gitlab.com/pricing/) 12.10 as
a [beta feature](https://about.gitlab.com/handbook/product/#beta)
a [beta feature](https://about.gitlab.com/handbook/product/#beta)
The group details view also shows the number of the following items created in the last 90 days: **(STARTER)**
The group details view also shows the number of the following items created in the last 90 days: **(PREMIUM)**
- Merge requests.
- Merge requests.
- Issues.
- Issues.
...
@@ -389,7 +389,7 @@ To share a given group, for example, 'Frontend' with another group, for example,
...
@@ -389,7 +389,7 @@ To share a given group, for example, 'Frontend' with another group, for example,
All the members of the 'Engineering' group will have been added to 'Frontend'.
All the members of the 'Engineering' group will have been added to 'Frontend'.
## Manage group memberships via LDAP **(STARTER ONLY)**
## Manage group memberships via LDAP **(PREMIUM SELF)**
Group syncing allows LDAP groups to be mapped to GitLab groups. This provides more control over per-group user management. To configure group syncing edit the `group_base`**DN** (`'OU=Global Groups,OU=GitLab INT,DC=GitLab,DC=org'`). This **OU** contains all groups that will be associated with GitLab groups.
Group syncing allows LDAP groups to be mapped to GitLab groups. This provides more control over per-group user management. To configure group syncing edit the `group_base`**DN** (`'OU=Global Groups,OU=GitLab INT,DC=GitLab,DC=org'`). This **OU** contains all groups that will be associated with GitLab groups.
...
@@ -400,7 +400,7 @@ For more information on the administration of LDAP and group sync, refer to the
...
@@ -400,7 +400,7 @@ For more information on the administration of LDAP and group sync, refer to the
NOTE:
NOTE:
If an LDAP user is a group member when LDAP Synchronization is added, and they are not part of the LDAP group, they will be removed from the group.
If an LDAP user is a group member when LDAP Synchronization is added, and they are not part of the LDAP group, they will be removed from the group.
### Creating group links via CN **(STARTER ONLY)**
### Creating group links via CN **(PREMIUM SELF)**
To create group links via CN:
To create group links via CN:
...
@@ -428,7 +428,7 @@ To create group links via filter:
...
@@ -428,7 +428,7 @@ To create group links via filter:
![Creating group links via filter](img/ldap_sync_filter_v13_1.png)
![Creating group links via filter](img/ldap_sync_filter_v13_1.png)
### Overriding user permissions **(STARTER ONLY)**
### Overriding user permissions **(PREMIUM SELF)**
In GitLab [8.15](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/822) and later, LDAP user permissions can now be manually overridden by an admin user. To override a user's permissions:
In GitLab [8.15](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/822) and later, LDAP user permissions can now be manually overridden by an admin user. To override a user's permissions:
...
@@ -555,7 +555,7 @@ username, you can create a new group and transfer projects to it.
...
@@ -555,7 +555,7 @@ username, you can create a new group and transfer projects to it.
You can change settings that are specific to repositories in your group.
You can change settings that are specific to repositories in your group.
#### Custom initial branch name **(CORE ONLY)**
#### Custom initial branch name **(FREE SELF)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/43290) in GitLab 13.6.
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/43290) in GitLab 13.6.
...
@@ -616,7 +616,7 @@ To enable this feature, navigate to the group settings page. Select
...
@@ -616,7 +616,7 @@ To enable this feature, navigate to the group settings page. Select
![Checkbox for share with group lock](img/share_with_group_lock.png)
![Checkbox for share with group lock](img/share_with_group_lock.png)
#### Member Lock **(STARTER)**
#### Member Lock **(PREMIUM)**
Member lock lets a group owner prevent any new project membership to all of the
Member lock lets a group owner prevent any new project membership to all of the
projects within a group, allowing tighter control over project membership.
projects within a group, allowing tighter control over project membership.
...
@@ -814,11 +814,11 @@ To enable prevent project forking:
...
@@ -814,11 +814,11 @@ To enable prevent project forking:
-**Webhooks**: Configure [webhooks](../project/integrations/webhooks.md) for your group.
-**Webhooks**: Configure [webhooks](../project/integrations/webhooks.md) for your group.
-**Kubernetes cluster integration**: Connect your GitLab group with [Kubernetes clusters](clusters/index.md).
-**Kubernetes cluster integration**: Connect your GitLab group with [Kubernetes clusters](clusters/index.md).
Project access tokens are supported for self-managed instances on Core and above. They are also supported on GitLab.com Bronze and above (excluding [trial licenses](https://about.gitlab.com/free-trial/)).
Project access tokens are supported for self-managed instances on Free and above. They are also supported on GitLab SaaS Premium and above (excluding [trial licenses](https://about.gitlab.com/free-trial/)).
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/2587) in GitLab 13.0.
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/2587) in GitLab 13.0.
> - [Became available on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/235765) in GitLab 13.5 for paid groups only.
> - [Became available on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/235765) in GitLab 13.5 for paid groups only.