Commit da07ff05 authored by Evan Read

Merge branch 'jej/recommend-against-email-for-saml-nameid-in-docs' into 'master'

Docs: Recommend against using email as SAML NameID

See merge request gitlab-org/gitlab!17951
parents e2657ca2 16b810fc
...@@ -64,7 +64,10 @@ GitLab.com uses the SAML NameID to identify users. The NameID element: ...@@ -64,7 +64,10 @@ GitLab.com uses the SAML NameID to identify users. The NameID element:
- Is a required field in the SAML response. - Is a required field in the SAML response.
- Must be unique to each user. - Must be unique to each user.
- Must be a persistent value that will never change, such as a unique ID or username. Email could also be used as the NameID, but only if it can be guaranteed to never change. - Must be a persistent value that will never change, such as a randomly generated unique user ID.
- Is case sensitive. The NameID must match exactly on subsequent login attempts, so should not rely on user input that could change between upper and lower case.
We strongly recommend against using Email as the NameID as it is hard to guarantee it will never change, for example when a person's name changes. Similarly usernames should be avoided if possible.
### Assertions ### Assertions
......
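Review bot: In the added paragraph below the list, the advice against usernames ("Similarly usernames should be avoided if possible") gives no reason, while the email advice does ("for example when a person's name changes"). Since the list already says the NameID must never change and is case sensitive, consider stating that usernames fail for the same reasons, so readers do not treat them as a safe fallback now that the bullet no longer lists "username" as an example. Two style points in the same paragraph: "Email" is capitalized mid-sentence, unlike the lowercase use a reader would expect for a common noun, and "Similarly" needs a comma after it. The new case-sensitivity bullet would also read more cleanly as "so it should not rely on user input".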