Commit 97ab32f8 authored by Gosia Ksionek's avatar Gosia Ksionek Committed by Mike Jang

Add documentation about restrictions connected with enforced sso

parent 0e0563cf
...@@ -62,6 +62,8 @@ However, users will not be prompted to log via SSO on each visit. GitLab will ch ...@@ -62,6 +62,8 @@ However, users will not be prompted to log via SSO on each visit. GitLab will ch
We intend to add a similar SSO requirement for [Git and API activity](https://gitlab.com/gitlab-org/gitlab/issues/9152) in the future. We intend to add a similar SSO requirement for [Git and API activity](https://gitlab.com/gitlab-org/gitlab/issues/9152) in the future.
When SSO enforcement is enabled for a group, users cannot share a project in the group outside the top-level group, even if the project is forked.
#### Group-managed accounts #### Group-managed accounts
> [Introduced in GitLab 12.1](https://gitlab.com/groups/gitlab-org/-/epics/709). > [Introduced in GitLab 12.1](https://gitlab.com/groups/gitlab-org/-/epics/709).
...@@ -74,6 +76,7 @@ When this option is enabled: ...@@ -74,6 +76,7 @@ When this option is enabled:
- All existing and new users in the group will be required to log in via the SSO URL associated with the group. - All existing and new users in the group will be required to log in via the SSO URL associated with the group.
- After the group-managed account has been created, group activity will require the use of this user account. - After the group-managed account has been created, group activity will require the use of this user account.
- Users can't share a project in the group outside the top-level group (also applies to forked projects).
Upon successful authentication, GitLab prompts the user with options, based on the email address received from the configured identity provider: Upon successful authentication, GitLab prompts the user with options, based on the email address received from the configured identity provider:
...@@ -107,6 +110,16 @@ Groups with enabled group-managed accounts can allow or disallow forking of proj ...@@ -107,6 +110,16 @@ Groups with enabled group-managed accounts can allow or disallow forking of proj
by using separate toggle. If forking is disallowed any project of given root group or its subgroups can be forked to by using separate toggle. If forking is disallowed any project of given root group or its subgroups can be forked to
a subgroup of the same root group only. a subgroup of the same root group only.
##### Other restrictions for Group-managed accounts
> [Introduced in GitLab 12.9](https://gitlab.com/gitlab-org/gitlab/issues/12420)
Projects within groups with enabled group-managed accounts are not to be shared with:
- Groups outside of the parent group
- Members who are not users managed by this group
This restriction also applies to projects forked from or to those groups.
#### Assertions #### Assertions
When using group-managed accounts, the following user details need to be passed to GitLab as SAML When using group-managed accounts, the following user details need to be passed to GitLab as SAML
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment