Add clarity regarding SSO enforcement

893cb2b9 · Tim Poffenbarger · Evan Read · 74eb96b4 · 893cb2b9
Commit 893cb2b9 authored Nov 10, 2021 by Tim Poffenbarger Committed by Evan Read Nov 10, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

doc/user/group/saml_sso/index.md doc/user/group/saml_sso/index.md +3 -2

No files found.
--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -118,8 +118,9 @@ SSO has the following effects when enabled:

 - For groups, users can't share a project in the group outside the top-level group,
  even if the project is forked.
- For a Git activity, users must be signed-in through SSO before they can push to or
-  pull from a GitLab repository.
+- For Git activity over SSH and HTTPS, users must have at least one active session signed-in through SSO before they can push to or
+  pull from a GitLab repository. 
+- Credentials that are not tied to regular users (for example, access tokens and deploy keys) do not have the SSO check enforced.
 - Users must be signed-in through SSO before they can pull images using the [Dependency Proxy](../../packages/dependency_proxy/index.md).
 <!-- Add bullet for API activity when https://gitlab.com/gitlab-org/gitlab/-/issues/9152 is complete -->