diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-12 00:09:34 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-12 00:09:34 +0000 |
| commit | 5781a4966047232d4725f9ee4769c4bd5aed9b26 (patch) | |
| tree | 0ef2b81a40931ec51f8fdd5284ed9e47cf42a923 /doc/user | |
| parent | 4d48b3cfcd74bcca0f0f305746f74cf7224dd78b (diff) | |
| download | gitlab-ce-5781a4966047232d4725f9ee4769c4bd5aed9b26.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user')
| -rw-r--r-- | doc/user/admin_area/settings/sign_up_restrictions.md | 7 | ||||
| -rw-r--r-- | doc/user/group/saml_sso/index.md | 13 |
2 files changed, 14 insertions, 6 deletions
diff --git a/doc/user/admin_area/settings/sign_up_restrictions.md b/doc/user/admin_area/settings/sign_up_restrictions.md index 590907e5bef..a7a6b0ecefd 100644 --- a/doc/user/admin_area/settings/sign_up_restrictions.md +++ b/doc/user/admin_area/settings/sign_up_restrictions.md @@ -37,12 +37,7 @@ email domains to prevent malicious users from creating accounts. ## Require email confirmation You can send confirmation emails during sign-up and require that users confirm -their email address. If this setting is selected: - -- For GitLab 12.7 and earlier, the user is unable to sign in until they confirm their - email address. -- For GitLab 12.8 and later, the user [has 30 days to confirm their email address](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/31245). - After 30 days, they will be unable to log in and access GitLab features. +their email address before they are allowed to sign in.  diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md index fa9b820838e..79d6307efd9 100644 --- a/doc/user/group/saml_sso/index.md +++ b/doc/user/group/saml_sso/index.md @@ -62,6 +62,8 @@ However, users will not be prompted to log via SSO on each visit. GitLab will ch We intend to add a similar SSO requirement for [Git and API activity](https://gitlab.com/gitlab-org/gitlab/issues/9152) in the future. +When SSO enforcement is enabled for a group, users cannot share a project in the group outside the top-level group, even if the project is forked. + #### Group-managed accounts > [Introduced in GitLab 12.1](https://gitlab.com/groups/gitlab-org/-/epics/709). @@ -74,6 +76,7 @@ When this option is enabled: - All existing and new users in the group will be required to log in via the SSO URL associated with the group. - After the group-managed account has been created, group activity will require the use of this user account. +- Users can't share a project in the group outside the top-level group (also applies to forked projects). Upon successful authentication, GitLab prompts the user with options, based on the email address received from the configured identity provider: @@ -107,6 +110,16 @@ Groups with enabled group-managed accounts can allow or disallow forking of proj by using separate toggle. If forking is disallowed any project of given root group or its subgroups can be forked to a subgroup of the same root group only. +##### Other restrictions for Group-managed accounts + +> [Introduced in GitLab 12.9](https://gitlab.com/gitlab-org/gitlab/issues/12420) +Projects within groups with enabled group-managed accounts are not to be shared with: + +- Groups outside of the parent group +- Members who are not users managed by this group + +This restriction also applies to projects forked from or to those groups. + #### Assertions When using group-managed accounts, the following user details need to be passed to GitLab as SAML |