Decouple SAML authentication from the default Omniauth logic

1 files changed, 9 insertions, 2 deletions

diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index faf05ecd466..b6954b3152b 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -288,15 +288,22 @@ production: &base
     # auto_sign_in_with_provider: saml
 
     # CAUTION!
-    # This allows users to login without having a user account first (default: false).
+    # This allows users to login without having a user account first. Define the allowed
+    # providers using an array, e.g. ["saml", "twitter"]
     # User accounts will be created automatically when authentication was successful.
-    allow_single_sign_on: false
+    allow_single_sign_on: ["saml"]
+
     # Locks down those users until they have been cleared by the admin (default: true).
     block_auto_created_users: true
     # Look up new users in LDAP servers. If a match is found (same uid), automatically
     # link the omniauth identity with the LDAP account. (default: false)
     auto_link_ldap_user: false
 
+    # Allow users with existing accounts to login and auto link their account via SAML
+    # login, without having to do a manual login first and manually add SAML
+    # (default: false)
+    auto_link_saml_user: false
+
     ## Auth providers
     # Uncomment the following lines and fill in the data of the auth provider you want to use
     # If your favorite auth provider is not listed you can use others: