Commit b3bd251c authored by Cynthia Ng, committed by David O'Regan

Move assertions to SAML page

parent c832ff83
...@@ -37,17 +37,7 @@ Since use of the group-managed account requires the use of SSO, users of group-m ...@@ -37,17 +37,7 @@ Since use of the group-managed account requires the use of SSO, users of group-m
- The user is unable to access the group (their credentials no longer work on the identity provider when prompted to use SSO). - The user is unable to access the group (their credentials no longer work on the identity provider when prompted to use SSO).
- Contributions in the group (for example, issues and merge requests) remains intact. - Contributions in the group (for example, issues and merge requests) remains intact.
## Assertions Please refer to our [SAML SSO for Groups page](../index.md) for information on how to configure SAML.
When using group-managed accounts, the following user details need to be passed to GitLab as SAML
assertions to be able to create a user.
| Field | Supported keys |
|-----------------|----------------|
| Email (required)| `email`, `mail` |
| Full Name | `name` |
| First Name | `first_name`, `firstname`, `firstName` |
| Last Name | `last_name`, `lastname`, `lastName` |
## Feature flag **(PREMIUM SELF)** ## Feature flag **(PREMIUM SELF)**
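Review bot: the replacement sentence links `../index.md`, but the SAML page links back to this file as plain `group_managed_accounts.md` and the HAML change in this commit uses `user/group/saml_sso/index.md`, so both files appear to sit in the same directory and `../index.md` would resolve one level too high. Suggest `[SAML SSO for Groups page](index.md#assertions)` so the reader lands on the moved table rather than the top of the page. The `## Assertions` heading is also dropped on the new side, so any remaining link to `group_managed_accounts.md#assertions` loses its target; worth a search before merging.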
......
...@@ -25,7 +25,7 @@ SAML SSO is only configurable at the top-level group. ...@@ -25,7 +25,7 @@ SAML SSO is only configurable at the top-level group.
1. Navigate to the group and select **Settings > SAML SSO**. 1. Navigate to the group and select **Settings > SAML SSO**.
1. Configure your SAML server using the **Assertion consumer service URL**, **Identifier**, and **GitLab single sign-on URL**. Alternatively GitLab provides [metadata XML configuration](#metadata-configuration). See [specific identity provider documentation](#providers) for more details. 1. Configure your SAML server using the **Assertion consumer service URL**, **Identifier**, and **GitLab single sign-on URL**. Alternatively GitLab provides [metadata XML configuration](#metadata-configuration). See [specific identity provider documentation](#providers) for more details.
1. Configure the SAML response to include a NameID that uniquely identifies each user. 1. Configure the SAML response to include a NameID that uniquely identifies each user.
1. Configure [required assertions](group_managed_accounts.md#assertions) if using [Group Managed Accounts](group_managed_accounts.md). 1. Configure [required assertions](#assertions) if using [Group Managed Accounts](group_managed_accounts.md), or expecting new user accounts to be created.
1. While the default is enabled for most SAML providers, please ensure the app is set to have [Service Provider](#glossary) initiated calls in order to link existing GitLab accounts. 1. While the default is enabled for most SAML providers, please ensure the app is set to have [Service Provider](#glossary) initiated calls in order to link existing GitLab accounts.
1. Once the identity provider is set up, move on to [configuring GitLab](#configuring-gitlab). 1. Once the identity provider is set up, move on to [configuring GitLab](#configuring-gitlab).
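Review bot: in the changed step 4 the link text still reads "required assertions", although the table it now points to marks only Email as required, and the added clause "or expecting new user accounts to be created" dangles after the comma. Suggest wording along the lines of "Configure the [assertions](#assertions) if using Group Managed Accounts or if you expect new user accounts to be created", so an identity provider administrator can tell that the step applies to account creation in general and that only the email attribute is mandatory.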
...@@ -53,6 +53,19 @@ Once users have signed into GitLab using the SSO SAML setup, changing the `NameI ...@@ -53,6 +53,19 @@ Once users have signed into GitLab using the SSO SAML setup, changing the `NameI
We recommend setting the NameID format to `Persistent` unless using a field (such as email) that requires a different format. We recommend setting the NameID format to `Persistent` unless using a field (such as email) that requires a different format.
### Assertions
For users to be created with the right information with the improved [user access and management](#user-access-and-management),
the following user details need to be passed to GitLab as SAML assertions.
| Field | Supported keys |
|-----------------|----------------|
| Email (required)| `email`, `mail` |
| Username | `username`, `nickname` |
| Full Name | `name` |
| First Name | `first_name`, `firstname`, `firstName` |
| Last Name | `last_name`, `lastname`, `lastName` |
### Metadata configuration ### Metadata configuration
GitLab provides metadata XML that can be used to configure your Identity Provider. GitLab provides metadata XML that can be used to configure your Identity Provider.
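Review bot: the new table has a `Username` row (`username`, `nickname`) that the table removed from the group-managed accounts page did not have, so this is more than the move the commit title describes. Please confirm those keys are accepted for account creation and mention the addition in the commit message. In the intro sentence, "with the right information with the improved" reads awkwardly and "improved" will date quickly; a neutral phrasing that keeps the `#user-access-and-management` link would hold up better.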
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
%li %li
= _("During this process, you’ll be asked for URLs from GitLab’s side. Use the URLs shown below.") = _("During this process, you’ll be asked for URLs from GitLab’s side. Use the URLs shown below.")
%li %li
= (_("Set up assertions/attributes/claims (email, first_name, last_name) and NameID according to %{docsLinkStart}the documentation %{icon}%{docsLinkEnd}") % { icon: sprite_icon('external-link'), docsLinkStart: "<a href='#{help_page_path('user/group/saml_sso/group_managed_accounts', anchor: 'assertions')}' target='_blank'>", docsLinkEnd: '</a>' }).html_safe = (_("Set up assertions/attributes/claims (email, first_name, last_name) and NameID according to %{docsLinkStart}the documentation %{icon}%{docsLinkEnd}") % { icon: sprite_icon('external-link'), docsLinkStart: "<a href='#{help_page_path('user/group/saml_sso/index.md', anchor: 'assertions')}' target='_blank'>", docsLinkEnd: '</a>' }).html_safe
%li %li
= html_escape(_("Fill in the fields below, turn on %{strong_open}Enable SAML authentication for this group%{strong_close}, and press %{strong_open}Save changes%{strong_close}")) % { strong_open: '<strong>'.html_safe, strong_close: '</strong>'.html_safe } = html_escape(_("Fill in the fields below, turn on %{strong_open}Enable SAML authentication for this group%{strong_close}, and press %{strong_open}Save changes%{strong_close}")) % { strong_open: '<strong>'.html_safe, strong_close: '</strong>'.html_safe }
%li %li
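Review bot: the new `help_page_path` argument is `'user/group/saml_sso/index.md'`, while the call it replaces passed the path without an extension (`'user/group/saml_sso/group_managed_accounts'`); suggest `'user/group/saml_sso/index'` for consistency unless the helper is known to accept both forms. The visible string still lists only (email, first_name, last_name) although the docs table it links to now also has Username. Separately, this line interpolates into the translated string and then calls `.html_safe` on the whole result, whereas the next list item uses `html_escape(_(...)) % {...}`; since the line is being touched anyway, switching to that pattern would keep the translated text escaped.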
......