Merge branch 'docs-spt-191664' into 'master'

Move assertions to SAML page See merge request gitlab-org/gitlab!54376

Merge branch 'docs-spt-191664' into 'master'
Move assertions to SAML page See merge request gitlab-org/gitlab!54376
0582a4f3 · David O'Regan · fea6316d · b3bd251c · 0582a4f3 · 0582a4f3
Commit 0582a4f3 authored Feb 22, 2021 by David O'Regan
3 changed files
--- a/doc/user/group/saml_sso/group_managed_accounts.md
+++ b/doc/user/group/saml_sso/group_managed_accounts.md
@@ -37,17 +37,7 @@ Since use of the group-managed account requires the use of SSO, users of group-m
 - The user is unable to access the group (their credentials no longer work on the identity provider when prompted to use SSO).
 - Contributions in the group (for example, issues and merge requests) remains intact.
-## Assertions
+Please refer to our [SAML SSO for Groups page](../index.md) for information on how to configure SAML.
-When using group-managed accounts, the following user details need to be passed to GitLab as SAML
-assertions to be able to create a user.
-| Field           | Supported keys |
-|-----------------|----------------|
-| Email (required)| `email`, `mail` |
-| Full Name       | `name` |
-| First Name      | `first_name`, `firstname`, `firstName` |
-| Last Name       | `last_name`, `lastname`, `lastName` |
 ## Feature flag **(PREMIUM SELF)**

--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -25,7 +25,7 @@ SAML SSO is only configurable at the top-level group.
 1. Navigate to the group and select **Settings > SAML SSO**.
 1. Configure your SAML server using the **Assertion consumer service URL**, **Identifier**, and **GitLab single sign-on URL**. Alternatively GitLab provides [metadata XML configuration](#metadata-configuration). See [specific identity provider documentation](#providers) for more details.
 1. Configure the SAML response to include a NameID that uniquely identifies each user.
-1. Configure [required assertions](group_managed_accounts.md#assertions) if using [Group Managed Accounts](group_managed_accounts.md).
+1. Configure [required assertions](#assertions) if using [Group Managed Accounts](group_managed_accounts.md), or expecting new user accounts to be created.
 1. While the default is enabled for most SAML providers, please ensure the app is set to have [Service Provider](#glossary) initiated calls in order to link existing GitLab accounts.
 1. Once the identity provider is set up, move on to [configuring GitLab](#configuring-gitlab).
@@ -53,6 +53,19 @@ Once users have signed into GitLab using the SSO SAML setup, changing the `NameI
 We recommend setting the NameID format to `Persistent` unless using a field (such as email) that requires a different format.
+### Assertions
+For users to be created with the right information with the improved [user access and management](#user-access-and-management),
+the following user details need to be passed to GitLab as SAML assertions.
+| Field           | Supported keys |
+|-----------------|----------------|
+| Email (required)| `email`, `mail` |
+| Username        | `username`, `nickname` |
+| Full Name       | `name` |
+| First Name      | `first_name`, `firstname`, `firstName` |
+| Last Name       | `last_name`, `lastname`, `lastName` |
 ### Metadata configuration
 GitLab provides metadata XML that can be used to configure your Identity Provider.

--- a/ee/app/views/groups/saml_providers/_info.html.haml
+++ b/ee/app/views/groups/saml_providers/_info.html.haml
@@ -8,7 +8,7 @@
      %li
        = _("During this process, you’ll be asked for URLs from GitLab’s side. Use the URLs shown below.")
      %li
-        = (_("Set up assertions/attributes/claims (email, first_name, last_name) and NameID according to %{docsLinkStart}the documentation %{icon}%{docsLinkEnd}") % { icon: sprite_icon('external-link'), docsLinkStart: "<a href='#{help_page_path('user/group/saml_sso/group_managed_accounts', anchor: 'assertions')}' target='_blank'>", docsLinkEnd: '</a>' }).html_safe
+        = (_("Set up assertions/attributes/claims (email, first_name, last_name) and NameID according to %{docsLinkStart}the documentation %{icon}%{docsLinkEnd}") % { icon: sprite_icon('external-link'), docsLinkStart: "<a href='#{help_page_path('user/group/saml_sso/index.md', anchor: 'assertions')}' target='_blank'>", docsLinkEnd: '</a>' }).html_safe
      %li
        = html_escape(_("Fill in the fields below, turn on %{strong_open}Enable SAML authentication for this group%{strong_close}, and press %{strong_open}Save changes%{strong_close}")) % { strong_open: '<strong>'.html_safe, strong_close: '</strong>'.html_safe }
      %li