diff options
Diffstat (limited to 'doc/user/group/saml_sso/index.md')
-rw-r--r-- | doc/user/group/saml_sso/index.md | 49 |
1 files changed, 1 insertions, 48 deletions
diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md index 57b9cc92c51..3d24e7b8d44 100644 --- a/doc/user/group/saml_sso/index.md +++ b/doc/user/group/saml_sso/index.md @@ -5,7 +5,7 @@ group: Access info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers --- -# SAML SSO for GitLab.com groups **(PREMIUM)** +# SAML SSO for GitLab.com groups **(SILVER ONLY)** > Introduced in GitLab 11.0. @@ -256,53 +256,6 @@ For example, to unlink the `MyOrg` account, the following **Disconnect** button | Issuer | How GitLab identifies itself to the identity provider. Also known as a "Relying party trust identifier". | | Certificate fingerprint | Used to confirm that communications over SAML are secure by checking that the server is signing communications with the correct certificate. Also known as a certificate thumbprint. | -## Configuring on a self-managed GitLab instance **(PREMIUM ONLY)** - -For self-managed GitLab instances we strongly recommend using the -[instance-wide SAML OmniAuth Provider](../../../integration/saml.md) instead. - -Group SAML SSO helps if you need to allow access via multiple SAML identity providers, but as a multi-tenant solution is less suited to cases where you administer your own GitLab instance. - -To proceed with configuring Group SAML SSO instead, you'll need to enable the `group_saml` OmniAuth provider. This can be done from: - -- `gitlab.rb` for [Omnibus GitLab installations](#omnibus-installations). -- `gitlab/config/gitlab.yml` for [source installations](#source-installations). - -### Limitations - -Group SAML on a self-managed instance is limited when compared to the recommended -[instance-wide SAML](../../../integration/saml.md). The recommended solution allows you to take advantage of: - -- [LDAP compatibility](../../../administration/auth/ldap/index.md). -- [LDAP Group Sync](../index.md#manage-group-memberships-via-ldap). -- [Required groups](../../../integration/saml.md#required-groups). -- [Admin groups](../../../integration/saml.md#admin-groups). -- [Auditor groups](../../../integration/saml.md#auditor-groups). - -### Omnibus installations - -1. Make sure GitLab is - [configured with HTTPS](../../../install/installation.md#using-https). -1. Enable OmniAuth and the `group_saml` provider in `gitlab.rb`: - - ```ruby - gitlab_rails['omniauth_enabled'] = true - gitlab_rails['omniauth_providers'] = [{ name: 'group_saml' }] - ``` - -### Source installations - -1. Make sure GitLab is - [configured with HTTPS](../../../install/installation.md#using-https). -1. Enable OmniAuth and the `group_saml` provider in `gitlab/config/gitlab.yml`: - - ```yaml - omniauth: - enabled: true - providers: - - { name: 'group_saml' } - ``` - ## Passwords for users created via SAML SSO for Groups The [Generated passwords for users created through integrated authentication](../../../security/passwords_for_integrated_authentication_methods.md) guide provides an overview of how GitLab generates and sets passwords for users created via SAML SSO for Groups. |