diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-12 00:09:34 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-12 00:09:34 +0000 |
commit | 5781a4966047232d4725f9ee4769c4bd5aed9b26 (patch) | |
tree | 0ef2b81a40931ec51f8fdd5284ed9e47cf42a923 /doc/user/group | |
parent | 4d48b3cfcd74bcca0f0f305746f74cf7224dd78b (diff) | |
download | gitlab-ce-5781a4966047232d4725f9ee4769c4bd5aed9b26.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user/group')
-rw-r--r-- | doc/user/group/saml_sso/index.md | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md index fa9b820838e..79d6307efd9 100644 --- a/doc/user/group/saml_sso/index.md +++ b/doc/user/group/saml_sso/index.md @@ -62,6 +62,8 @@ However, users will not be prompted to log via SSO on each visit. GitLab will ch We intend to add a similar SSO requirement for [Git and API activity](https://gitlab.com/gitlab-org/gitlab/issues/9152) in the future. +When SSO enforcement is enabled for a group, users cannot share a project in the group outside the top-level group, even if the project is forked. + #### Group-managed accounts > [Introduced in GitLab 12.1](https://gitlab.com/groups/gitlab-org/-/epics/709). @@ -74,6 +76,7 @@ When this option is enabled: - All existing and new users in the group will be required to log in via the SSO URL associated with the group. - After the group-managed account has been created, group activity will require the use of this user account. +- Users can't share a project in the group outside the top-level group (also applies to forked projects). Upon successful authentication, GitLab prompts the user with options, based on the email address received from the configured identity provider: @@ -107,6 +110,16 @@ Groups with enabled group-managed accounts can allow or disallow forking of proj by using separate toggle. If forking is disallowed any project of given root group or its subgroups can be forked to a subgroup of the same root group only. +##### Other restrictions for Group-managed accounts + +> [Introduced in GitLab 12.9](https://gitlab.com/gitlab-org/gitlab/issues/12420) +Projects within groups with enabled group-managed accounts are not to be shared with: + +- Groups outside of the parent group +- Members who are not users managed by this group + +This restriction also applies to projects forked from or to those groups. + #### Assertions When using group-managed accounts, the following user details need to be passed to GitLab as SAML |