Compare SaaS and Self-Managed authentications

f44c1fd8 · Tim Poffenbarger · Mike Jang · f7648c58 · f44c1fd8 · f44c1fd8
Commit f44c1fd8 authored Apr 01, 2021 by Tim Poffenbarger Committed by Mike Jang Apr 01, 2021
3 changed files
--- a/doc/administration/auth/README.md
+++ b/doc/administration/auth/README.md
@@ -37,3 +37,16 @@ providers:

 NOTE:
 UltraAuth has removed their software which supports OmniAuth integration. We have therefore removed all references to UltraAuth integration.
+
+## SaaS vs Self-Managed Comparison
+
+The external authentication and authorization providers may support the following capabilities.
+For more information, see the links shown on this page for each external provider.
+
+| Capability                                      | SaaS                                    | Self-Managed                       |
+|-------------------------------------------------|-----------------------------------------|------------------------------------|
+| **User Provisioning**                           | SCIM<br>JIT Provisioning                | LDAP Sync                          |
+| **User Detail Updating** (not group management) | Not Available                           | LDAP Sync                          |
+| **Authentication**                              | SAML at top-level group (1 provider)    | LDAP (multiple providers)<br>Generic OAuth2<br>SAML (only 1 permitted per unique provider)<br>Kerberos<br>JWT<br>Smartcard<br>OmniAuth Providers (only 1 permitted per unique provider) |
+| **Provider-to-GitLab Role Sync**                | SAML Group Sync                         | LDAP Group Sync                    |
+| **User Removal**                                | SCIM (remove user from top-level group) | LDAP (Blocking User from Instance) |
--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -10,6 +10,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 > Introduced in GitLab 11.0.

 This page describes SAML for Groups. For instance-wide SAML on self-managed GitLab instances, see [SAML OmniAuth Provider](../../../integration/saml.md).
+[View the differences between SaaS and Self-Managed Authentication and Authorization Options](../../../administration/auth/README.md#saas-vs-self-managed-comparison).

 SAML on GitLab.com allows users to sign in through their SAML identity provider. If the user is not already a member, the sign-in process automatically adds the user to the appropriate group.


--- a/doc/user/group/saml_sso/scim_setup.md
+++ b/doc/user/group/saml_sso/scim_setup.md
@@ -20,7 +20,6 @@ The GitLab [SCIM API](../../../api/scim.md) implements part of [the RFC7644 prot
 The following actions are available:

 - Create users
- Update users (Azure only)
 - Deactivate users

 The following identity providers are supported: