Commit a618e6e0 authored by Evan Read's avatar Evan Read

Merge branch 'docs-saml-screenshots' into 'master'

Add SAML screenshots and links

See merge request gitlab-org/gitlab!24013
parents 7b3c48a6 31710a59
...@@ -228,3 +228,6 @@ who are aware of the risks. ...@@ -228,3 +228,6 @@ who are aware of the risks.
- [Repairing and recovering broken Git repositories](https://git.seveas.net/repairing-and-recovering-broken-git-repositories.html) - [Repairing and recovering broken Git repositories](https://git.seveas.net/repairing-and-recovering-broken-git-repositories.html)
- [Testing with OpenSSL](https://www.feistyduck.com/library/openssl-cookbook/online/ch-testing-with-openssl.html) - [Testing with OpenSSL](https://www.feistyduck.com/library/openssl-cookbook/online/ch-testing-with-openssl.html)
- [Strace zine](https://wizardzines.com/zines/strace/) - [Strace zine](https://wizardzines.com/zines/strace/)
- GitLab.com-specific resources:
- [Group SAML/SCIM setup](troubleshooting/group_saml_scim.md)
\ No newline at end of file
---
type: reference
---
# Group SAML and SCIM troubleshooting **(SILVER ONLY)**
These are notes and screenshots regarding Group SAML and SCIM that the GitLab Support Team sometimes uses while troubleshooting, but which do not fit into the official documentation. GitLab is making this public, so that anyone can make use of the Support team’s collected knowledge.
Please refer to GitLab's [Group SAML](../../user/group/saml_sso/index.md) docs for information on the feature and how to set it up.
When troubleshooting a SAML configuration, GitLab team members will frequently start with the [SAML troubleshooting section](../../user/group/saml_sso/index.md#troubleshooting).
They may then set up a test configuration of the desired identity provider. We include example screenshots in this section.
## SAML and SCIM screenshots
This section includes relevant screenshots of the following example configurations of [Group SAML](../../user/group/saml_sso/index.md) and [Group SCIM](../../user/group/saml_sso/scim_setup.md):
- [Azure Active Directory](#azure-active-directory)
- [OneLogin](#onelogin)
CAUTION: **Caution:**
These screenshots are updated only as needed by GitLab Support. They are **not** official documentation.
If you are currently having an issue with GitLab, you may want to check your [support options](https://about.gitlab.com/support/).
## Azure Active Directory
Basic SAML app configuration:
![Azure AD basic SAML](img/AzureAD-basic_SAML.png)
User claims and attributes:
![Azure AD user claims](img/AzureAD-claims.png)
SCIM mapping:
![Azure AD SCIM](img/AzureAD-scim_attribute_mapping.png)
## OneLogin
Application details:
![OneLogin application details](img/OneLogin-app_details.png)
Parameters:
![OneLogin application details](img/OneLogin-parameters.png)
Adding a user:
![OneLogin user add](img/OneLogin-userAdd.png)
SSO settings:
![OneLogin SSO settings](img/OneLogin-SSOsettings.png)
...@@ -265,6 +265,10 @@ Specific attention should be paid to: ...@@ -265,6 +265,10 @@ Specific attention should be paid to:
- The presence of a `X509Certificate`, which we require to verify the response signature. - The presence of a `X509Certificate`, which we require to verify the response signature.
- The `SubjectConfirmation` and `Conditions`, which can cause errors if misconfigured. - The `SubjectConfirmation` and `Conditions`, which can cause errors if misconfigured.
### Verifying configuration
For convenience, we've included some [example resources](../../../administration/troubleshooting/group_saml_scim.md) used by our Support Team. While they may help you verify the SAML app configuration, they are not guaranteed to reflect the current state of third-party products.
### Verifying NameID ### Verifying NameID
In troubleshooting the Group SAML setup, any authenticated user can use the API to verify the NameID GitLab already has linked to the user by visiting [https://gitlab.com/api/v4/user](https://gitlab.com/api/v4/user) and checking the `extern_uid` under identities. In troubleshooting the Group SAML setup, any authenticated user can use the API to verify the NameID GitLab already has linked to the user by visiting [https://gitlab.com/api/v4/user](https://gitlab.com/api/v4/user) and checking the `extern_uid` under identities.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment