Commit 58c2c643 authored by Mike Jang's avatar Mike Jang

Merge branch 'bbodenmiller-master-patch-47757' into 'master'

Add details about how can set external & auditor users

See merge request gitlab-org/gitlab!52981
parents e6dc194f 15425097
...@@ -68,6 +68,8 @@ To create a new Auditor user: ...@@ -68,6 +68,8 @@ To create a new Auditor user:
To revoke Auditor permissions from a user, make them a regular user by To revoke Auditor permissions from a user, make them a regular user by
following the previous steps. following the previous steps.
Additionally users can be set as an Auditor using [SAML groups](../integration/saml.md#auditor-groups).
## Permissions and restrictions of an Auditor user ## Permissions and restrictions of an Auditor user
An Auditor user should be able to access all projects and groups of a GitLab An Auditor user should be able to access all projects and groups of a GitLab
......
...@@ -163,7 +163,7 @@ will be returned to GitLab and will be signed in. ...@@ -163,7 +163,7 @@ will be returned to GitLab and will be signed in.
## SAML Groups ## SAML Groups
You can require users to be members of a certain group, or assign users `external`, `admin` or `auditor` roles based on group membership. You can require users to be members of a certain group, or assign users [external](../user/permissions.md#external-users), admin or [auditor](../user/permissions.md#auditor-users) roles based on group membership.
These groups are checked on each SAML login and user attributes updated as necessary. These groups are checked on each SAML login and user attributes updated as necessary.
This feature **does not** allow you to This feature **does not** allow you to
automatically add users to GitLab [Groups](../user/group/index.md). automatically add users to GitLab [Groups](../user/group/index.md).
...@@ -217,7 +217,7 @@ Example: ...@@ -217,7 +217,7 @@ Example:
### External groups **(PREMIUM SELF)** ### External groups **(PREMIUM SELF)**
SAML login supports automatic identification on whether a user should be considered an [external](../user/permissions.md) user. This is based on the user's group membership in the SAML identity provider. SAML login supports automatic identification on whether a user should be considered an [external user](../user/permissions.md#external-users). This is based on the user's group membership in the SAML identity provider.
```yaml ```yaml
{ name: 'saml', { name: 'saml',
...@@ -259,7 +259,7 @@ considered admin users. ...@@ -259,7 +259,7 @@ considered admin users.
The requirements are the same as the previous settings, your IdP needs to pass Group information to GitLab, you need to tell The requirements are the same as the previous settings, your IdP needs to pass Group information to GitLab, you need to tell
GitLab where to look for the groups in the SAML response, and which group(s) should be GitLab where to look for the groups in the SAML response, and which group(s) should be
considered auditor users. considered [auditor users](../user/permissions.md#auditor-users).
```yaml ```yaml
{ name: 'saml', { name: 'saml',
......
...@@ -352,6 +352,9 @@ An administrator can flag a user as external by either of the following methods: ...@@ -352,6 +352,9 @@ An administrator can flag a user as external by either of the following methods:
or edit an existing one. There, you can find the option to flag the user as or edit an existing one. There, you can find the option to flag the user as
external. external.
Additionally users can be set as external users using [SAML groups](../integration/saml.md#external-groups)
and [LDAP groups](../administration/auth/ldap/index.md#external-groups).
### Setting new users to external ### Setting new users to external
By default, new users are not set as external users. This behavior can be changed By default, new users are not set as external users. This behavior can be changed
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment