Add latest changes from gitlab-org/gitlab@13-3-stable-ee

1 files changed, 14 insertions, 0 deletions

diff --git a/doc/security/passwords_for_integrated_authentication_methods.md b/doc/security/passwords_for_integrated_authentication_methods.md
new file mode 100644
index 00000000000..704af49b2d2
--- /dev/null
+++ b/doc/security/passwords_for_integrated_authentication_methods.md
@@ -0,0 +1,14 @@
+---
+type: reference
+---
+
+# Generated passwords for users created through integrated authentication
+
+GitLab allows users to set up accounts through integration with external [authentication and authorization providers](../administration/auth/README.md).
+
+These authentication methods do not require the user to explicitly create a password for their accounts.
+However, to maintain data consistency, GitLab requires passwords for all user accounts.
+
+For such accounts, we use the [`friendly_token`](https://github.com/heartcombo/devise/blob/f26e05c20079c9acded3c0ee16da0df435a28997/lib/devise.rb#L492) method provided by the Devise gem to generate a random, unique and secure password and sets it as the account password during sign up.
+
+The length of the generated password is the set based on the value of [maximum password length](password_length_limits.md#modify-maximum-password-length-using-configuration-file) as set in the Devise configuation. The default value is 128 characters.