Add latest changes from gitlab-org/gitlab@13-8-stable-eev13.8.0-rc42

16 files changed, 134 insertions, 50 deletions

diff --git a/doc/user/group/import/img/bulk_imports_v13_8.png b/doc/user/group/import/img/bulk_imports_v13_8.png
new file mode 100644
index 00000000000..31234f9fcea
--- /dev/null
+++ b/doc/user/group/import/img/bulk_imports_v13_8.png
diff --git a/doc/user/group/import/img/import_panel_v13_8.png b/doc/user/group/import/img/import_panel_v13_8.png
new file mode 100644
index 00000000000..1fb7fbad291
--- /dev/null
+++ b/doc/user/group/import/img/import_panel_v13_8.png
diff --git a/doc/user/group/import/img/new_group_navigation_v13_8.png b/doc/user/group/import/img/new_group_navigation_v13_8.png
new file mode 100644
index 00000000000..307175727c7
--- /dev/null
+++ b/doc/user/group/import/img/new_group_navigation_v13_8.png
diff --git a/doc/user/group/import/index.md b/doc/user/group/import/index.md
new file mode 100644
index 00000000000..d051a134af1
--- /dev/null
+++ b/doc/user/group/import/index.md
@@ -0,0 +1,91 @@
+---
+type: reference, howto
+stage: Manage
+group: Import
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Import groups from another instance of GitLab **(CORE)**
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/249160) in GitLab 13.7.
+> - It's [deployed behind a feature flag](../../feature_flags.md), disabled by default.
+> - It's enabled on GitLab.com.
+
+## Overview
+
+WARNING:
+This feature is [under construction](https://gitlab.com/groups/gitlab-org/-/epics/2771) and currently migrates only some of the Group data. Please see below for the full list of what is included in the migration at this time.
+
+Using GitLab Group Migration, you can migrate existing top-level groups from GitLab.com or a self-managed instance. Groups can be migrated to a target instance, as a top-level group, or as a sub-group of any existing top-level group.
+
+The following resources are migrated to the target instance:
+
+- Groups
+  - description
+  - attributes
+  - subgroups
+- Epics
+  - title
+  - description
+  - state (open / closed)
+  - start date
+  - due date
+  - epic order on boards
+  - confidentiality
+
+Any other items are **not** migrated.
+
+## Enable or disable GitLab Group Migration
+
+Support for GitLab Group Migration is under development and not ready for production use. It is
+deployed behind a feature flag that is **disabled by default**.
+[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md) can enable it.
+
+To enable it:
+
+```ruby
+Feature.enable(:bulk_import)
+```
+
+To disable it:
+
+```ruby
+Feature.disable(:bulk_import)
+```
+
+## Import your groups into GitLab
+
+Before you begin, ensure that the target instance of GitLab can communicate with the source
+over HTTPS (HTTP is not supported).
+
+NOTE:
+This might involve reconfiguring your firewall to prevent blocking connection on the side of self-managed instance.
+
+### Connect to the remote GitLab instance
+
+1. Navigate to the New Group page, either via the `+` button in the top navigation bar, or the **New subgroup** button
+on an existing group's page.
+
+   ![Navigation paths to create a new group](img/new_group_navigation_v13_8.png)
+
+1. On the New Group page, select the **Import group** tab.
+
+   ![Fill in import details](img/import_panel_v13_8.png)
+
+1. Fill in source URL of your GitLab.
+1. Fill in [personal access token](../../../user/profile/personal_access_tokens.md) for remote GitLab instance.
+1. Click "Connect instance".
+
+### Selecting which groups to import
+
+After you have authorized access to GitLab instance, you are redirected to the GitLab Group Migration importer page and your remote GitLab groups are listed.
+
+1. By default, the proposed group namespaces match the names as they exist in remote instance, but based on your permissions, you can choose to edit these names before you proceed to import any of them.
+
+1. Select the **Import** button next to any number of groups.
+
+1. The **Status** column shows the import status of each group. You can choose to leave the page open and it will update in real-time.
+
+1. Once a group has been imported, click its GitLab path to open its GitLab URL.
+
+![Group Importer page](img/bulk_imports_v13_8.png)
diff --git a/doc/user/group/index.md b/doc/user/group/index.md
index a0884461da1..069dea40ba5 100644
--- a/doc/user/group/index.md
+++ b/doc/user/group/index.md
@@ -215,10 +215,7 @@ To remove a member from a group:
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/21727) in GitLab 12.6.
 > - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/228675) in GitLab 13.7.
-> - Improvements are [deployed behind a feature flag](../feature_flags.md), enabled by default.
-> - Improvements are enabled on GitLab.com.
-> - Improvements are recommended for production use.
-> - For GitLab self-managed instances, GitLab administrators can opt to [disable improvements](#enable-or-disable-improvements-to-the-ability-to-filter-and-sort-group-members). **(CORE ONLY)**
+> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/289911) in GitLab 13.8.
 
 The following sections illustrate how you can filter and sort members in a group. To view these options,
 navigate to your desired group, go to **Members**, and include the noted search terms.
@@ -269,30 +266,6 @@ You can sort members by **Account**, **Access granted**, **Max role**, or **Last
 
 ![Group members sort](img/group_members_sort_13_7.png)
 
-### Enable or disable improvements to the ability to filter and sort group members **(CORE ONLY)**
-
-Group member filtering and sorting improvements are deployed behind a feature flag that is **enabled by default**.
-[GitLab administrators with access to the GitLab Rails console](../../administration/feature_flags.md)
-can opt to disable the improvements.
-
-To disable them:
-
-```ruby
-# For the instance
-Feature.disable(:group_members_filtered_search)
-# For a single group
-Feature.disable(:group_members_filtered_search, Group.find(<group id>))
-```
-
-To enable them:
-
-```ruby
-# For the instance
-Feature.enable(:group_members_filtered_search)
-# For a single group
-Feature.enable(:group_members_filtered_search, Group.find(<group id>))
-```
-
 ## Changing the default branch protection of a group
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7583) in GitLab 12.9.
@@ -487,7 +460,7 @@ and above.
 There are a few limitations compared to project wikis:
 
 - Git LFS is not supported.
-- Group wikis are not included in global search, group exports, backups, and Geo replication.
+- Group wikis are not included in global search, group exports, and Geo replication.
 - Changes to group wikis don't show up in the group's activity feed.
 - Group wikis [can't be moved](../../api/project_repository_storage_moves.md#limitations) using the project
   repository moves API.
@@ -664,6 +637,12 @@ request to add a new user to a project through API will not be possible.
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/1985) in [GitLab Ultimate and Gold](https://about.gitlab.com/pricing/) 12.0.
 > - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/215410) to [GitLab Premium and Silver](https://about.gitlab.com/pricing/) in 13.1.
 
+NOTE:
+IP Access Restrictions are currently not functioning as expected on GitLab.com. Some users
+may experience blocked Git operations or have difficulties accessing projects. Please
+review the [following bug report](https://gitlab.com/gitlab-org/gitlab/-/issues/271673) for
+more information.
+
 To make sure only people from within your organization can access particular
 resources, you have the option to restrict access to groups and their
 underlying projects, issues, etc, by IP address. This can help ensure that
diff --git a/doc/user/group/iterations/index.md b/doc/user/group/iterations/index.md
index a06c7a8f325..65d3129a825 100644
--- a/doc/user/group/iterations/index.md
+++ b/doc/user/group/iterations/index.md
@@ -88,6 +88,22 @@ similar to how they appear when viewing a [milestone](../../project/milestones/i
 Burndown charts help track completion progress of total scope, and burnup charts track the daily
 total count and weight of issues added to and completed in a given timebox.
 
+### Group issues by label
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/225500) in GitLab 13.8.
+
+You can group the list of issues by label.
+This can help you view issues that have your team's label,
+and get a more accurate understanding of scope attributable to each label.
+
+To group issues by label:
+
+1. In the **Group by** dropdown, select **Label**.
+1. Select the **Filter by label** dropdown.
+1. Select the labels you want to group by in the labels dropdown.
+   You can also search for labels by typing in the search input.
+1. Click or tap outside of the label dropdown. The page is now grouped by the selected labels.
+
 ## Disable iterations **(STARTER ONLY)**
 
 GitLab Iterations feature is deployed with a feature flag that is **enabled by default**.
diff --git a/doc/user/group/roadmap/img/roadmap_filters_v13_7.png b/doc/user/group/roadmap/img/roadmap_filters_v13_7.png
deleted file mode 100644
index 00505a7f34f..00000000000
--- a/doc/user/group/roadmap/img/roadmap_filters_v13_7.png
+++ /dev/null
diff --git a/doc/user/group/roadmap/img/roadmap_filters_v13_8.png b/doc/user/group/roadmap/img/roadmap_filters_v13_8.png
new file mode 100644
index 00000000000..d826909b022
--- /dev/null
+++ b/doc/user/group/roadmap/img/roadmap_filters_v13_8.png
diff --git a/doc/user/group/roadmap/index.md b/doc/user/group/roadmap/index.md
index 6dfa7641dbb..f3b7be536ae 100644
--- a/doc/user/group/roadmap/index.md
+++ b/doc/user/group/roadmap/index.md
@@ -67,8 +67,9 @@ You can also filter epics in the Roadmap view by:
 - Author
 - Label
 - Milestone
+- Confidentiality of epics
 
-![roadmap date range in weeks](img/roadmap_filters_v13_7.png)
+![roadmap date range in weeks](img/roadmap_filters_v13_8.png)
 
 Roadmaps can also be [visualized inside an epic](../epics/index.md#roadmap-in-epics).
 
diff --git a/doc/user/group/saml_sso/group_managed_accounts.md b/doc/user/group/saml_sso/group_managed_accounts.md
index 15dd91bece2..7158b7bc86b 100644
--- a/doc/user/group/saml_sso/group_managed_accounts.md
+++ b/doc/user/group/saml_sso/group_managed_accounts.md
@@ -52,11 +52,13 @@ assertions to be able to create a user.
 
 ## Feature flag **(PREMIUM ONLY)**
 
-The group-managed accounts feature is behind a feature flag: `group_managed_accounts`. The flag is disabled by default.
+The group-managed accounts feature is behind these feature flags: `group_managed_accounts`, `sign_up_on_sso` and `convert_user_to_group_managed_accounts`. The flags are disabled by default.
 To activate the feature, ask a GitLab administrator with Rails console access to run:
 
 ```ruby
 Feature.enable(:group_managed_accounts)
+Feature.enable(:sign_up_on_sso)
+Feature.enable(:convert_user_to_group_managed_accounts)
 ```
 
 ## Project restrictions for Group-managed accounts
diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md
index 62431747911..0ce92eac1a3 100644
--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -80,10 +80,14 @@ Please note that the certificate [fingerprint algorithm](#additional-providers-a
 
 - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5291) in GitLab 11.8.
 - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/9255) in GitLab 11.11 with ongoing enforcement in the GitLab UI.
+- [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/292811) in GitLab 13.8, with an updated timeout experience.
+- [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/211962) in GitLab 13.8 with allowing group owners to not go through SSO.
 
 With this option enabled, users must go through your group's GitLab single sign-on URL. They may also be added via SCIM, if configured. Users can't be added manually, and may only access project/group resources via the UI by signing in through the SSO URL.
 
-However, users are not prompted to sign in through SSO on each visit. GitLab checks whether a user has authenticated through SSO, and only prompts the user to sign in via SSO if the session has expired.
+However, users are not prompted to sign in through SSO on each visit. GitLab checks whether a user
+has authenticated through SSO. If it's been more than 7 days since the last sign-in, GitLab
+prompts the user to sign in again through SSO.
 You can see more information about how long a session is valid in our [user profile documentation](../../profile/#why-do-i-keep-getting-signed-out).
 
 We intend to add a similar SSO requirement for [Git and API activity](https://gitlab.com/gitlab-org/gitlab/-/issues/9152).
@@ -93,11 +97,10 @@ When SSO enforcement is enabled for a group, users can't share a project in the
 ## Providers
 
 NOTE:
-GitLab is unable to provide support for IdPs that are not listed here.
+GitLab is unable to provide full support for integrating identify providers that are not listed here.
 
 | Provider | Documentation |
 |----------|---------------|
-| ADFS (Active Directory Federation Services) | [Create a Relying Party Trust](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/create-a-relying-party-trust) |
 | Azure | [Configuring single sign-on to applications](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/view-applications-portal) |
 | Okta | [Setting up a SAML application in Okta](https://developer.okta.com/docs/guides/build-sso-integration/saml2/overview/) |
 | OneLogin | [Use the OneLogin SAML Test Connector](https://onelogin.service-now.com/support?id=kb_article&sys_id=93f95543db109700d5505eea4b96198f) |
@@ -164,8 +167,9 @@ For more information, see our [discussion on providers](#providers).
 
 Your identity provider may have relevant documentation. It may be generic SAML documentation, or specifically targeted for GitLab. Examples:
 
+- [ADFS (Active Directory Federation Services)](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/create-a-relying-party-trust)
 - [Auth0](https://auth0.com/docs/protocols/saml-configuration-options/configure-auth0-as-saml-identity-provider)
-- [G Suite](https://support.google.com/a/answer/6087519?hl=en)
+- [Google Workspace](https://support.google.com/a/answer/6087519?hl=en)
 - [JumpCloud](https://support.jumpcloud.com/support/s/article/single-sign-on-sso-with-gitlab-2019-08-21-10-36-47)
 - [PingOne by Ping Identity](https://docs.pingidentity.com/bundle/pingone/page/xsh1564020480660-1.html)
 
@@ -209,7 +213,7 @@ When a user tries to sign in with Group SSO, GitLab attempts to find or create a
 To link SAML to your existing GitLab.com account:
 
 1. Sign in to your GitLab.com account.
-1. Locate and visit the **GitLab single sign-on URL** for the group you're signing in to. A group Admin can find this on the group's **Settings > SAML SSO** page. If the sign-in URL is configured, users can connect to the GitLab app from the Identity Provider.
+1. Locate and visit the **GitLab single sign-on URL** for the group you're signing in to. A group owner can find this on the group's **Settings > SAML SSO** page. If the sign-in URL is configured, users can connect to the GitLab app from the Identity Provider.
 1. Click **Authorize**.
 1. Enter your credentials on the Identity Provider if prompted.
 1. You are then redirected back to GitLab.com and should now have access to the group. In the future, you can use SAML to sign in to GitLab.com.
diff --git a/doc/user/group/saml_sso/scim_setup.md b/doc/user/group/saml_sso/scim_setup.md
index 40c036e1fc0..cd3e99ae541 100644
--- a/doc/user/group/saml_sso/scim_setup.md
+++ b/doc/user/group/saml_sso/scim_setup.md
@@ -232,7 +232,7 @@ It is important that this SCIM `id` and SCIM `externalId` are configured to the
 
 Group owners can see the list of users and the `externalId` stored for each user in the group SAML SSO Settings page.
 
-A possible alternative is to use the [SCIM API](../../../api/scim.md#get-a-list-of-saml-users) to manually retrieve the `externalId` we have stored for users, also called the `external_uid` or `NameId`.
+A possible alternative is to use the [SCIM API](../../../api/scim.md#get-a-list-of-scim-provisioned-users) to manually retrieve the `externalId` we have stored for users, also called the `external_uid` or `NameId`.
 
 To see how the `external_uid` compares to the value returned as the SAML NameId, you can have the user use a [SAML Tracer](index.md#saml-debugging-tools).
 
@@ -251,7 +251,7 @@ you can address the problem in the following ways:
 
 - You can have users unlink and relink themselves, based on the ["SAML authentication failed: User has already been taken"](index.md#message-saml-authentication-failed-user-has-already-been-taken) section.
 - You can unlink all users simultaneously, by removing all users from the SAML app while provisioning is turned on.
-- It may be possible to use the [SCIM API](../../../api/scim.md#update-a-single-saml-user) to manually correct the `externalId` stored for users to match the SAML `NameId`.
+- It may be possible to use the [SCIM API](../../../api/scim.md#update-a-single-scim-provisioned-user) to manually correct the `externalId` stored for users to match the SAML `NameId`.
   To look up a user, you'll need to know the desired value that matches the `NameId` as well as the current `externalId`.
 
 It is important not to update these to incorrect values, since this will cause users to be unable to sign in. It is also important not to assign a value to the wrong user, as this would cause users to get signed into the wrong account.
@@ -269,7 +269,7 @@ Changing the SAML or SCIM configuration or provider can cause the following prob
 | Problem                                                                      | Solution           |
 |------------------------------------------------------------------------------|--------------------|
 | SAML and SCIM identity mismatch. | First [verify that the user's SAML NameId matches the SCIM externalId](#how-do-i-verify-users-saml-nameid-matches-the-scim-externalid) and then [update or fix the mismatched SCIM externalId and SAML NameId](#update-or-fix-mismatched-scim-externalid-and-saml-nameid). |
-| SCIM identity mismatch between GitLab and the Identify Provider SCIM app. | You can confirm whether you're hitting the error because of your SCIM identity mismatch between your SCIM app and GitLab.com by using [SCIM API](../../../api/scim.md#update-a-single-saml-user) which shows up in the `id` key and compares it with the user `externalId` in the SCIM app. You can use the same [SCIM API](../../../api/scim.md#update-a-single-saml-user) to update the SCIM `id` for the user on GitLab.com. |
+| SCIM identity mismatch between GitLab and the Identify Provider SCIM app. | You can confirm whether you're hitting the error because of your SCIM identity mismatch between your SCIM app and GitLab.com by using [SCIM API](../../../api/scim.md#update-a-single-scim-provisioned-user) which shows up in the `id` key and compares it with the user `externalId` in the SCIM app. You can use the same [SCIM API](../../../api/scim.md#update-a-single-scim-provisioned-user) to update the SCIM `id` for the user on GitLab.com. |
 
 ### Azure
 
diff --git a/doc/user/group/settings/import_export.md b/doc/user/group/settings/import_export.md
index 2aee8706194..6b95388bf2e 100644
--- a/doc/user/group/settings/import_export.md
+++ b/doc/user/group/settings/import_export.md
@@ -76,7 +76,7 @@ For more details on the specific data persisted in a group export, see the
    file from there by clicking **Download export**, or generate a new file by clicking **Regenerate export**.
 
 NOTE:
-The maximum import file size can be set by the Administrator, default is 50MB.
+The maximum import file size can be set by the Administrator, default is `0` (unlimited).
 As an administrator, you can modify the maximum import file size. To do so, use the `max_import_size` option in the [Application settings API](../../../api/settings.md#change-application-settings) or the [Admin UI](../../admin_area/settings/account_and_limit_settings.md).
 
 ### Between CE and EE
diff --git a/doc/user/group/subgroups/img/group_members_filter_v12_6.png b/doc/user/group/subgroups/img/group_members_filter_v12_6.png
deleted file mode 100644
index 692fdfe00a1..00000000000
--- a/doc/user/group/subgroups/img/group_members_filter_v12_6.png
+++ /dev/null
diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md
index 8af075fc0c0..59812fc2b2f 100644
--- a/doc/user/group/subgroups/index.md
+++ b/doc/user/group/subgroups/index.md
@@ -117,7 +117,7 @@ Follow the same process to create any subsequent groups.
 ## Membership
 
 When you add a member to a group, that member is also added to all subgroups.
-Permission level is inherited from the group’s parent. This model allows access to 
+Permission level is inherited from the group’s parent. This model allows access to
 subgroups if you have membership in one of its parents.
 
 Jobs for pipelines in subgroups can use [runners](../../../ci/runners/README.md) registered to the parent group(s).
diff --git a/doc/user/group/value_stream_analytics/index.md b/doc/user/group/value_stream_analytics/index.md
index 0f9afdef995..438769872c0 100644
--- a/doc/user/group/value_stream_analytics/index.md
+++ b/doc/user/group/value_stream_analytics/index.md
@@ -316,15 +316,6 @@ To delete a custom value stream:
 
 ![Delete value stream](img/delete_value_stream_v13.4.png "Deleting a custom value stream")
 
-### Disabling custom value streams
-
-Custom value streams are enabled by default. If you have a self-managed instance, an
-administrator can open a Rails console and disable them with the following command:
-
-```ruby
-Feature.disable(:value_stream_analytics_create_multiple_value_streams)
-```
-
 ## Days to completion chart
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/21631) in GitLab 12.6.