Add documentation on password generation for authentication methods

This change adds documentation on password generation
for authentication methods

doc/administration/auth/smartcard.md

@@ -310,6 +310,10 @@ attribute. As a prerequisite, you must use an LDAP server that:
 1. Save the file and [restart](../restart_gitlab.md#installations-from-source)
    GitLab for the changes to take effect.
 
+## Passwords for users created via smartcard authentication
+
+The [How we generate passwords for users created via integrated authentication methods](../../security/passwords_for_integrated_authentication_methods.md) guide provides an overview of how GitLab generates and sets passwords for users created via smartcard authentication.
+
 <!-- ## Troubleshooting
 
 Include any troubleshooting steps that you can foresee. If you know beforehand what issues

doc/integration/omniauth.md

@@ -324,3 +324,7 @@ of the OmniAuth users has admin permissions.
 
 You may also bypass the auto signin feature by browsing to
 `https://gitlab.example.com/users/sign_in?auto_sign_in=false`.
+
+## Passwords for users created via OmniAuth
+
+The [How we generate passwords for users created via integrated authentication methods](../security/passwords_for_integrated_authentication_methods.md) guide provides an overview of how GitLab generates and sets passwords for users created via OmniAuth.

doc/integration/saml.md

@@ -584,6 +584,10 @@ These attributes define the SAML user. If users can change these attributes, the
 
 Refer to the documentation for your SAML Identity Provider for information on how to fix these attributes.
 
+## Passwords for users created via SAML
+
+The [How we generate passwords for users created via integrated authentication methods](../security/passwords_for_integrated_authentication_methods.md) guide provides an overview of how GitLab generates and sets passwords for users created via SAML.
+
 ## Troubleshooting
 
 You can find the base64-encoded SAML Response in the [`production_json.log`](../administration/logs.md#production_jsonlog).

doc/security/README.md

@@ -7,6 +7,7 @@ type: index
 
 - [Password storage](password_storage.md)
 - [Password length limits](password_length_limits.md)
+- [How we generate passwords for users created via integrated authentication methods](passwords_for_integrated_authentication_methods.md)
 - [Restrict SSH key technologies and minimum length](ssh_keys_restrictions.md)
 - [Rate limits](rate_limits.md)
 - [Webhooks and insecure internal web services](webhooks.md)

doc/security/passwords_for_integrated_authentication_methods.md

+---
+type: reference
+---
+
+# How we generate passwords for users created via integrated authentication methods
+
+GitLab allows users to create accounts using different [authentication methods](../administration/auth/README.md) like OmniAuth, SAML, SCIM, Smartcard authentication etc.
+
+These authentication methods does not require the user to explicitly create a password for their account upon signup. However, to maintain data consistency, GitLab requires each user account to have a password associated with it.
+
+For such accounts, we use the [`friendly_token`](https://github.com/heartcombo/devise/blob/f26e05c20079c9acded3c0ee16da0df435a28997/lib/devise.rb#L492) method provided by the Devise gem to generate a random, unique and secure password and sets it as the account password during sign up.
+
+The length of the generated password is the set based on the value of [maximum password length](password_length_limits.md#modify-maximum-password-length-using-configuration-file) as set in the Devise configuation. The default value is 128 characters.

doc/user/group/saml_sso/index.md

@@ -300,6 +300,10 @@ Group SAML on a self-managed instance is limited when compared to the recommende
           - { name: 'group_saml' }
     ```
 
+## Passwords for users created via SAML SSO for Groups
+
+The [How we generate passwords for users created via integrated authentication methods](../../../security/passwords_for_integrated_authentication_methods.md) guide provides an overview of how GitLab generates and sets passwords for users created via SAML SSO for Groups.
+
 ## Troubleshooting
 
 This section contains possible solutions for problems you might encounter.