Diffstat (limited to 'doc/user/group/saml_sso/scim_setup.md')
-rw-r--r-- doc/user/group/saml_sso/scim_setup.md 27
1 files changed, 14 insertions, 13 deletions
diff --git a/doc/user/group/saml_sso/scim_setup.md b/doc/user/group/saml_sso/scim_setup.md
index dd4558b4a3e..2651bcb9e12 100644
--- a/doc/user/group/saml_sso/scim_setup.md
+++ b/doc/user/group/saml_sso/scim_setup.md
@@ -115,12 +115,7 @@ configuration. Otherwise, the Okta SCIM app may not work properly.
1. Sign in to Okta.
1. Ensure you are in the Admin section by selecting the **Admin** button located in the top right. The admin button is not visible from the admin page.
-
- NOTE:
- If you're using the Developer Console, select **Developer Console** in the top
- bar and then select **Classic UI**. Otherwise, you may not see the buttons described in the following steps:
-
-1. In the **Application** tab, select **Add Application**.
+1. In the **Application** tab, select **Browse App Catalog**.
1. Search for **GitLab**, find and select on the 'GitLab' application.
1. On the GitLab application overview page, select **Add**.
1. Under **Application Visibility** select both checkboxes. Currently the GitLab application does not support SAML authentication so the icon should not be shown to users.
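Review bot: the replacement step `1. In the **Application** tab, select **Browse App Catalog**.` drops the Developer Console / Classic UI note without saying which Okta admin UI the new button name belongs to, so a reader on a console that still shows **Add Application** has no hint left. Consider one short sentence stating that button names depend on the Okta UI version. Since this list is being touched anyway, the following context step "find and select on the 'GitLab' application" could be tightened to "find and select the **GitLab** application".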
@@ -170,14 +165,11 @@ During provisioning:
- Duplicate usernames are also handled, by adding suffix `1` upon user creation. For example,
due to already existing `test_user` username, `test_user1` is used.
-As long as [Group SAML](index.md) has been configured, existing GitLab.com users can link to their accounts in one of the following ways:
-
-- By updating their *primary* email address in their GitLab.com user account to match their identity provider's user profile email address.
-- By following these steps:
+If [Group SAML](index.md) has been configured and you have an existing GitLab.com account, you can link your SCIM and SAML identities:
- 1. Sign in to GitLab.com if needed.
- 1. In the identity provider's dashboard select the GitLab app or visit the **GitLab single sign-on URL**.
- 1. Select the **Authorize**.
+1. Update the [primary email](../../profile/index.md#change-your-primary-email) address in your GitLab.com user account to match the
+ user profile email address in your identity provider.
+1. [Link your SAML identity](index.md#linking-saml-to-your-existing-gitlabcom-account).
We recommend users do this prior to turning on sync, because while synchronization is active, there may be provisioning errors for existing users.
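Review bot: the new numbered list (`1. Update the [primary email]...` followed by `1. [Link your SAML identity]...`) turns what the removed text offered as alternatives ("in one of the following ways") into two sequential, mandatory steps. If both are now required to link the SCIM and SAML identities, the commit message should say so; if either one is still sufficient, keep them as bullets. The trailing context sentence "We recommend users do this prior to turning on sync" is still in the third person while the rewritten paragraph addresses "you", so it should be reworded to match.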
@@ -303,3 +295,12 @@ As a workaround, try an alternate mapping:
1. Follow the Azure mapping instructions from above.
1. Delete the `name.formatted` target attribute entry.
1. Change the `displayName` source attribute to have `name.formatted` target attribute.
+
+#### Failed to match an entry in the source and target systems Group 'Group-Name'
+
+Group provisioning in Azure can fail with the `Failed to match an entry in the source and target systems Group 'Group-Name'` error message,
+and the error response can include a HTML result of the GitLab URL `https://gitlab.com/users/sign_in`.
+
+This error is harmless and occurs because Group provisioning was turned on but GitLab SCIM integration does not support it nor require it. To
+remove the error, follow the instructions in the Azure configuration guide to disable the option
+[`Synchronize Azure Active Directory Groups to AppName`](#azure-configuration-steps).
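Review bot: in the added troubleshooting paragraph, "This error is harmless" is asserted without stating what keeps working. Since the response is described as the HTML of `https://gitlab.com/users/sign_in`, readers may take it for an authentication failure, so say explicitly whether user provisioning is unaffected. Wording nits in the same lines: "a HTML result" should be "an HTML result", and "does not support it nor require it" reads better as "neither supports nor requires it". The heading embeds the placeholder 'Group-Name', so consider noting in the body that the actual group name appears there.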