Commit 5503174e authored by Mike Jang's avatar Mike Jang

Merge branch 'mjang-change-bronze-starter-access' into 'master'

Update group:access docs, to replace "STARTER*" Tiers

See merge request gitlab-org/gitlab!52733
parents cb08e7c5 1edbc654
...@@ -53,8 +53,8 @@ are already logged in or are using Git over SSH are be able to access ...@@ -53,8 +53,8 @@ are already logged in or are using Git over SSH are be able to access
GitLab for up to one hour. Manually block the user in the GitLab Admin Area to GitLab for up to one hour. Manually block the user in the GitLab Admin Area to
immediately block all access. immediately block all access.
GitLab Enterprise Edition Starter supports a GitLab Enterprise Edition Premium supports a
[configurable sync time](#adjusting-ldap-user-sync-schedule). **(STARTER)** [configurable sync time](#adjusting-ldap-user-sync-schedule). **(PREMIUM)**
## Git password authentication **(FREE SELF)** ## Git password authentication **(FREE SELF)**
...@@ -205,7 +205,7 @@ LDAP attributes that GitLab uses to create an account for the LDAP user. The spe ...@@ -205,7 +205,7 @@ LDAP attributes that GitLab uses to create an account for the LDAP user. The spe
| `first_name` | LDAP attribute for user first name. Used when the attribute configured for `name` does not exist. | no | `'givenName'` | | `first_name` | LDAP attribute for user first name. Used when the attribute configured for `name` does not exist. | no | `'givenName'` |
| `last_name` | LDAP attribute for user last name. Used when the attribute configured for `name` does not exist. | no | `'sn'` | | `last_name` | LDAP attribute for user last name. Used when the attribute configured for `name` does not exist. | no | `'sn'` |
### LDAP Sync Configuration Settings **(STARTER ONLY)** ### LDAP Sync Configuration Settings **(PREMIUM SELF)**
| Setting | Description | Required | Examples | | Setting | Description | Required | Examples |
| ------- | ----------- | -------- | -------- | | ------- | ----------- | -------- | -------- |
...@@ -254,7 +254,7 @@ group, you can use the following syntax: ...@@ -254,7 +254,7 @@ group, you can use the following syntax:
For more information about this "LDAP_MATCHING_RULE_IN_CHAIN" filter, see the following For more information about this "LDAP_MATCHING_RULE_IN_CHAIN" filter, see the following
[Microsoft Search Filter Syntax](https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax) document. [Microsoft Search Filter Syntax](https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax) document.
Support for nested members in the user filter should not be confused with Support for nested members in the user filter should not be confused with
[group sync nested groups support](#supported-ldap-group-typesattributes). **(STARTER ONLY)** [group sync nested groups support](#supported-ldap-group-typesattributes). **(PREMIUM SELF)**
Please note that GitLab does not support the custom filter syntax used by Please note that GitLab does not support the custom filter syntax used by
OmniAuth LDAP. OmniAuth LDAP.
...@@ -467,7 +467,7 @@ You should disable anonymous LDAP authentication and enable simple or SASL ...@@ -467,7 +467,7 @@ You should disable anonymous LDAP authentication and enable simple or SASL
authentication. The TLS client authentication setting in your LDAP server cannot authentication. The TLS client authentication setting in your LDAP server cannot
be mandatory and clients cannot be authenticated with the TLS protocol. be mandatory and clients cannot be authenticated with the TLS protocol.
## Multiple LDAP servers **(STARTER ONLY)** ## Multiple LDAP servers **(PREMIUM SELF)**
With GitLab Enterprise Edition Starter, you can configure multiple LDAP servers With GitLab Enterprise Edition Starter, you can configure multiple LDAP servers
that your GitLab instance connects to. that your GitLab instance connects to.
...@@ -515,7 +515,7 @@ gitlab_rails['ldap_servers'] = { ...@@ -515,7 +515,7 @@ gitlab_rails['ldap_servers'] = {
If you configure multiple LDAP servers, use a unique naming convention for the `label` section of each entry. That label is used as the display name of the tab shown on the sign-in page. If you configure multiple LDAP servers, use a unique naming convention for the `label` section of each entry. That label is used as the display name of the tab shown on the sign-in page.
## User sync **(STARTER ONLY)** ## User sync **(PREMIUM SELF)**
Once per day, GitLab runs a worker to check and update GitLab Once per day, GitLab runs a worker to check and update GitLab
users against LDAP. users against LDAP.
...@@ -546,7 +546,7 @@ The LDAP sync process: ...@@ -546,7 +546,7 @@ The LDAP sync process:
- Updates existing users. - Updates existing users.
- Creates new users on first sign in. - Creates new users on first sign in.
### Adjusting LDAP user sync schedule **(STARTER ONLY)** ### Adjusting LDAP user sync schedule **(PREMIUM SELF)**
By default, GitLab runs a worker once per day at 01:30 a.m. server time to By default, GitLab runs a worker once per day at 01:30 a.m. server time to
check and update GitLab users against LDAP. check and update GitLab users against LDAP.
...@@ -579,7 +579,7 @@ sync to run once every 12 hours at the top of the hour. ...@@ -579,7 +579,7 @@ sync to run once every 12 hours at the top of the hour.
1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect. 1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect.
## Group Sync **(STARTER ONLY)** ## Group Sync **(PREMIUM SELF)**
If your LDAP supports the `memberof` property, when the user signs in for the If your LDAP supports the `memberof` property, when the user signs in for the
first time GitLab triggers a sync for groups the user should be a member of. first time GitLab triggers a sync for groups the user should be a member of.
...@@ -629,11 +629,11 @@ following. ...@@ -629,11 +629,11 @@ following.
To take advantage of group sync, group owners or maintainers need to [create one To take advantage of group sync, group owners or maintainers need to [create one
or more LDAP group links](#adding-group-links). or more LDAP group links](#adding-group-links).
### Adding group links **(STARTER ONLY)** ### Adding group links **(PREMIUM SELF)**
For information on adding group links via CNs and filters, refer to [the GitLab groups documentation](../../../user/group/index.md#manage-group-memberships-via-ldap). For information on adding group links via CNs and filters, refer to [the GitLab groups documentation](../../../user/group/index.md#manage-group-memberships-via-ldap).
### Administrator sync **(STARTER ONLY)** ### Administrator sync **(PREMIUM SELF)**
As an extension of group sync, you can automatically manage your global GitLab As an extension of group sync, you can automatically manage your global GitLab
administrators. Specify a group CN for `admin_group` and all members of the administrators. Specify a group CN for `admin_group` and all members of the
...@@ -677,7 +677,7 @@ group, as opposed to the full DN. ...@@ -677,7 +677,7 @@ group, as opposed to the full DN.
1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect. 1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect.
### Global group memberships lock **(STARTER ONLY)** ### Global group memberships lock **(PREMIUM SELF)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/1793) in GitLab 12.0. > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/1793) in GitLab 12.0.
...@@ -696,7 +696,7 @@ To enable it you need to: ...@@ -696,7 +696,7 @@ To enable it you need to:
1. Navigate to **(admin)** **Admin Area > Settings -> Visibility and access controls**. 1. Navigate to **(admin)** **Admin Area > Settings -> Visibility and access controls**.
1. Make sure the "Lock memberships to LDAP synchronization" checkbox is enabled. 1. Make sure the "Lock memberships to LDAP synchronization" checkbox is enabled.
### Adjusting LDAP group sync schedule **(STARTER ONLY)** ### Adjusting LDAP group sync schedule **(PREMIUM SELF)**
By default, GitLab runs a group sync process every hour, on the hour. By default, GitLab runs a group sync process every hour, on the hour.
The values shown are in cron format. If needed, you can use a The values shown are in cron format. If needed, you can use a
...@@ -735,7 +735,7 @@ sync to run once every 2 hours at the top of the hour. ...@@ -735,7 +735,7 @@ sync to run once every 2 hours at the top of the hour.
1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect. 1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect.
### External groups **(STARTER ONLY)** ### External groups **(PREMIUM SELF)**
Using the `external_groups` setting will allow you to mark all users belonging Using the `external_groups` setting will allow you to mark all users belonging
to these groups as [external users](../../../user/permissions.md#external-users). to these groups as [external users](../../../user/permissions.md#external-users).
......
...@@ -52,7 +52,7 @@ main: # 'main' is the GitLab 'provider ID' of this LDAP server ...@@ -52,7 +52,7 @@ main: # 'main' is the GitLab 'provider ID' of this LDAP server
admin_group: 'my_admin_group' admin_group: 'my_admin_group'
``` ```
#### Query LDAP **(STARTER ONLY)** #### Query LDAP **(PREMIUM SELF)**
The following allows you to perform a search in LDAP using the rails console. The following allows you to perform a search in LDAP using the rails console.
Depending on what you're trying to do, it may make more sense to query [a Depending on what you're trying to do, it may make more sense to query [a
...@@ -210,7 +210,7 @@ ldapsearch -H ldaps://$host:$port -D "$bind_dn" -y bind_dn_password.txt -b "$ba ...@@ -210,7 +210,7 @@ ldapsearch -H ldaps://$host:$port -D "$bind_dn" -y bind_dn_password.txt -b "$ba
port. port.
- We are assuming the password for the `bind_dn` user is in `bind_dn_password.txt`. - We are assuming the password for the `bind_dn` user is in `bind_dn_password.txt`.
#### Sync all users **(STARTER ONLY)** #### Sync all users **(PREMIUM SELF)**
The output from a manual [user sync](index.md#user-sync) can show you what happens when The output from a manual [user sync](index.md#user-sync) can show you what happens when
GitLab tries to sync its users against LDAP. Enter the [rails console](#rails-console) GitLab tries to sync its users against LDAP. Enter the [rails console](#rails-console)
...@@ -225,7 +225,7 @@ LdapSyncWorker.new.perform ...@@ -225,7 +225,7 @@ LdapSyncWorker.new.perform
Next, [learn how to read the Next, [learn how to read the
output](#example-console-output-after-a-user-sync). output](#example-console-output-after-a-user-sync).
##### Example console output after a user sync **(STARTER ONLY)** ##### Example console output after a user sync **(PREMIUM SELF)**
The output from a [manual user sync](#sync-all-users) will be very verbose, and a The output from a [manual user sync](#sync-all-users) will be very verbose, and a
single user's successful sync can look like this: single user's successful sync can look like this:
...@@ -316,9 +316,9 @@ adapter = Gitlab::Auth::Ldap::Adapter.new('ldapmain') # If `main` is the LDAP pr ...@@ -316,9 +316,9 @@ adapter = Gitlab::Auth::Ldap::Adapter.new('ldapmain') # If `main` is the LDAP pr
Gitlab::Auth::Ldap::Person.find_by_uid('<uid>', adapter) Gitlab::Auth::Ldap::Person.find_by_uid('<uid>', adapter)
``` ```
### Group memberships **(STARTER ONLY)** ### Group memberships **(PREMIUM SELF)**
#### Membership(s) not granted **(STARTER ONLY)** #### Membership(s) not granted **(PREMIUM SELF)**
Sometimes you may think a particular user should be added to a GitLab group via Sometimes you may think a particular user should be added to a GitLab group via
LDAP group sync, but for some reason it's not happening. There are several LDAP group sync, but for some reason it's not happening. There are several
...@@ -376,7 +376,7 @@ group sync](#sync-all-groups) in the rails console and [look through the ...@@ -376,7 +376,7 @@ group sync](#sync-all-groups) in the rails console and [look through the
output](#example-console-output-after-a-group-sync) to see what happens when output](#example-console-output-after-a-group-sync) to see what happens when
GitLab syncs the `admin_group`. GitLab syncs the `admin_group`.
#### Sync all groups **(STARTER ONLY)** #### Sync all groups **(PREMIUM SELF)**
NOTE: NOTE:
To sync all groups manually when debugging is unnecessary, [use the Rake To sync all groups manually when debugging is unnecessary, [use the Rake
...@@ -394,7 +394,7 @@ LdapAllGroupsSyncWorker.new.perform ...@@ -394,7 +394,7 @@ LdapAllGroupsSyncWorker.new.perform
Next, [learn how to read the Next, [learn how to read the
output](#example-console-output-after-a-group-sync). output](#example-console-output-after-a-group-sync).
##### Example console output after a group sync **(STARTER ONLY)** ##### Example console output after a group sync **(PREMIUM SELF)**
Like the output from the user sync, the output from the [manual group Like the output from the user sync, the output from the [manual group
sync](#sync-all-groups) will also be very verbose. However, it contains lots sync](#sync-all-groups) will also be very verbose. However, it contains lots
...@@ -484,7 +484,7 @@ stating as such: ...@@ -484,7 +484,7 @@ stating as such:
No `admin_group` configured for 'ldapmain' provider. Skipping No `admin_group` configured for 'ldapmain' provider. Skipping
``` ```
#### Sync one group **(STARTER ONLY)** #### Sync one group **(PREMIUM SELF)**
[Syncing all groups](#sync-all-groups) can produce a lot of noise in the output, which can be [Syncing all groups](#sync-all-groups) can produce a lot of noise in the output, which can be
distracting when you're only interested in troubleshooting the memberships of distracting when you're only interested in troubleshooting the memberships of
...@@ -506,7 +506,7 @@ EE::Gitlab::Auth::Ldap::Sync::Group.execute_all_providers(group) ...@@ -506,7 +506,7 @@ EE::Gitlab::Auth::Ldap::Sync::Group.execute_all_providers(group)
The output will be similar to The output will be similar to
[that you'd get from syncing all groups](#example-console-output-after-a-group-sync). [that you'd get from syncing all groups](#example-console-output-after-a-group-sync).
#### Query a group in LDAP **(STARTER ONLY)** #### Query a group in LDAP **(PREMIUM SELF)**
When you'd like to confirm that GitLab can read a LDAP group and see all its members, When you'd like to confirm that GitLab can read a LDAP group and see all its members,
you can run the following: you can run the following:
...@@ -562,7 +562,7 @@ emails.each do |username, email| ...@@ -562,7 +562,7 @@ emails.each do |username, email|
end end
``` ```
You can then [run a UserSync](#sync-all-users) **(STARTER ONLY)** to sync the latest DN You can then [run a UserSync](#sync-all-users) **(PREMIUM SELF)** to sync the latest DN
for each of these users. for each of these users.
## Debugging Tools ## Debugging Tools
......
...@@ -34,7 +34,7 @@ limit by passing a number to the check task: ...@@ -34,7 +34,7 @@ limit by passing a number to the check task:
rake gitlab:ldap:check[50] rake gitlab:ldap:check[50]
``` ```
## Run a group sync **(STARTER ONLY)** ## Run a group sync **(PREMIUM SELF)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/14735) in [GitLab Starter](https://about.gitlab.com/pricing/) 12.2. > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/14735) in [GitLab Starter](https://about.gitlab.com/pricing/) 12.2.
......
...@@ -764,8 +764,8 @@ Parameters: ...@@ -764,8 +764,8 @@ Parameters:
| `request_access_enabled` | boolean | no | Allow users to request member access. | | `request_access_enabled` | boolean | no | Allow users to request member access. |
| `parent_id` | integer | no | The parent group ID for creating nested group. | | `parent_id` | integer | no | The parent group ID for creating nested group. |
| `default_branch_protection` | integer | no | See [Options for `default_branch_protection`](#options-for-default_branch_protection). Default to the global level default branch protection setting. | | `default_branch_protection` | integer | no | See [Options for `default_branch_protection`](#options-for-default_branch_protection). Default to the global level default branch protection setting. |
| `shared_runners_minutes_limit` | integer | no | **(STARTER ONLY)** Pipeline minutes quota for this group (included in plan). Can be `nil` (default; inherit system default), `0` (unlimited) or `> 0` | | `shared_runners_minutes_limit` | integer | no | **(PREMIUM SELF)** Pipeline minutes quota for this group (included in plan). Can be `nil` (default; inherit system default), `0` (unlimited) or `> 0` |
| `extra_shared_runners_minutes_limit` | integer | no | **(STARTER ONLY)** Extra pipeline minutes quota for this group (purchased in addition to the minutes included in the plan). | | `extra_shared_runners_minutes_limit` | integer | no | **(PREMIUM SELF)** Extra pipeline minutes quota for this group (purchased in addition to the minutes included in the plan). |
### Options for `default_branch_protection` ### Options for `default_branch_protection`
...@@ -838,8 +838,8 @@ PUT /groups/:id ...@@ -838,8 +838,8 @@ PUT /groups/:id
| `request_access_enabled` | boolean | no | Allow users to request member access. | | `request_access_enabled` | boolean | no | Allow users to request member access. |
| `default_branch_protection` | integer | no | See [Options for `default_branch_protection`](#options-for-default_branch_protection). | | `default_branch_protection` | integer | no | See [Options for `default_branch_protection`](#options-for-default_branch_protection). |
| `file_template_project_id` | integer | no | **(PREMIUM)** The ID of a project to load custom file templates from. | | `file_template_project_id` | integer | no | **(PREMIUM)** The ID of a project to load custom file templates from. |
| `shared_runners_minutes_limit` | integer | no | **(STARTER ONLY)** Pipeline minutes quota for this group (included in plan). Can be `nil` (default; inherit system default), `0` (unlimited) or `> 0` | | `shared_runners_minutes_limit` | integer | no | **(PREMIUM SELF)** Pipeline minutes quota for this group (included in plan). Can be `nil` (default; inherit system default), `0` (unlimited) or `> 0` |
| `extra_shared_runners_minutes_limit` | integer | no | **(STARTER ONLY)** Extra pipeline minutes quota for this group (purchased in addition to the minutes included in the plan). | | `extra_shared_runners_minutes_limit` | integer | no | **(PREMIUM SELF)** Extra pipeline minutes quota for this group (purchased in addition to the minutes included in the plan). |
| `prevent_forking_outside_group` | boolean | no | **(PREMIUM)** When enabled, users can **not** fork projects from this group to external namespaces | `prevent_forking_outside_group` | boolean | no | **(PREMIUM)** When enabled, users can **not** fork projects from this group to external namespaces
| `shared_runners_setting` | string | no | See [Options for `shared_runners_setting`](#options-for-shared_runners_setting). Enable or disable shared runners for a group's subgroups and projects. | | `shared_runners_setting` | string | no | See [Options for `shared_runners_setting`](#options-for-shared_runners_setting). Enable or disable shared runners for a group's subgroups and projects. |
...@@ -1135,7 +1135,7 @@ DELETE /groups/:id/hooks/:hook_id ...@@ -1135,7 +1135,7 @@ DELETE /groups/:id/hooks/:hook_id
Group audit events can be accessed via the [Group Audit Events API](audit_events.md#group-audit-events) Group audit events can be accessed via the [Group Audit Events API](audit_events.md#group-audit-events)
## Sync group with LDAP **(STARTER ONLY)** ## Sync group with LDAP **(PREMIUM SELF)**
Syncs the group with its linked LDAP group. Only available to group owners and administrators. Syncs the group with its linked LDAP group. Only available to group owners and administrators.
...@@ -1155,7 +1155,7 @@ Please consult the [Group Members](members.md) documentation. ...@@ -1155,7 +1155,7 @@ Please consult the [Group Members](members.md) documentation.
List, add, and delete LDAP group links. List, add, and delete LDAP group links.
### List LDAP group links **(STARTER ONLY)** ### List LDAP group links **(PREMIUM SELF)**
Lists LDAP group links. Lists LDAP group links.
...@@ -1167,7 +1167,7 @@ GET /groups/:id/ldap_group_links ...@@ -1167,7 +1167,7 @@ GET /groups/:id/ldap_group_links
| --------- | -------------- | -------- | ----------- | | --------- | -------------- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) | | `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) |
### Add LDAP group link with CN or filter **(STARTER ONLY)** ### Add LDAP group link with CN or filter **(PREMIUM SELF)**
Adds an LDAP group link using a CN or filter. Adding a group link by filter is only supported in the Premium tier and above. Adds an LDAP group link using a CN or filter. Adding a group link by filter is only supported in the Premium tier and above.
...@@ -1186,7 +1186,7 @@ POST /groups/:id/ldap_group_links ...@@ -1186,7 +1186,7 @@ POST /groups/:id/ldap_group_links
NOTE: NOTE:
To define the LDAP group link, provide either a `cn` or a `filter`, but not both. To define the LDAP group link, provide either a `cn` or a `filter`, but not both.
### Delete LDAP group link **(STARTER ONLY)** ### Delete LDAP group link **(PREMIUM SELF)**
Deletes an LDAP group link. Deprecated. Scheduled for removal in a future release. Deletes an LDAP group link. Deprecated. Scheduled for removal in a future release.
...@@ -1211,7 +1211,7 @@ DELETE /groups/:id/ldap_group_links/:provider/:cn ...@@ -1211,7 +1211,7 @@ DELETE /groups/:id/ldap_group_links/:provider/:cn
| `cn` | string | yes | The CN of an LDAP group | | `cn` | string | yes | The CN of an LDAP group |
| `provider` | string | yes | LDAP provider for the LDAP group link | | `provider` | string | yes | LDAP provider for the LDAP group link |
### Delete LDAP group link with CN or filter **(STARTER ONLY)** ### Delete LDAP group link with CN or filter **(PREMIUM SELF)**
Deletes an LDAP group link using a CN or filter. Deleting by filter is only supported in the Premium tier and above. Deletes an LDAP group link using a CN or filter. Deleting by filter is only supported in the Premium tier and above.
......
...@@ -5,7 +5,7 @@ info: "To determine the technical writer assigned to the Stage/Group associated ...@@ -5,7 +5,7 @@ info: "To determine the technical writer assigned to the Stage/Group associated
type: reference, how-to type: reference, how-to
--- ---
# Kerberos integration **(STARTER ONLY)** # Kerberos integration **(PREMIUM SELF)**
GitLab can integrate with [Kerberos](https://web.mit.edu/kerberos/) as an authentication mechanism. GitLab can integrate with [Kerberos](https://web.mit.edu/kerberos/) as an authentication mechanism.
......
...@@ -187,7 +187,7 @@ The name of the attribute can be anything you like, but it must contain the grou ...@@ -187,7 +187,7 @@ The name of the attribute can be anything you like, but it must contain the grou
to which a user belongs. In order to tell GitLab where to find these groups, you need to which a user belongs. In order to tell GitLab where to find these groups, you need
to add a `groups_attribute:` element to your SAML settings. to add a `groups_attribute:` element to your SAML settings.
### Required groups **(STARTER ONLY)** ### Required groups **(PREMIUM SELF)**
Your IdP passes Group Information to the SP (GitLab) in the SAML Response. You need to configure GitLab to identify: Your IdP passes Group Information to the SP (GitLab) in the SAML Response. You need to configure GitLab to identify:
...@@ -213,7 +213,7 @@ Example: ...@@ -213,7 +213,7 @@ Example:
} } } }
``` ```
### External Groups **(STARTER ONLY)** ### External groups **(PREMIUM SELF)**
SAML login supports automatic identification on whether a user should be considered an [external](../user/permissions.md) user. This is based on the user's group membership in the SAML identity provider. SAML login supports automatic identification on whether a user should be considered an [external](../user/permissions.md) user. This is based on the user's group membership in the SAML identity provider.
...@@ -231,7 +231,7 @@ SAML login supports automatic identification on whether a user should be conside ...@@ -231,7 +231,7 @@ SAML login supports automatic identification on whether a user should be conside
} } } }
``` ```
### Admin Groups **(STARTER ONLY)** ### Admin groups **(PREMIUM SELF)**
The requirements are the same as the previous settings, your IdP needs to pass Group information to GitLab, you need to tell The requirements are the same as the previous settings, your IdP needs to pass Group information to GitLab, you need to tell
GitLab where to look for the groups in the SAML response, and which group(s) should be GitLab where to look for the groups in the SAML response, and which group(s) should be
...@@ -251,7 +251,7 @@ considered admin users. ...@@ -251,7 +251,7 @@ considered admin users.
} } } }
``` ```
### Auditor Groups **(STARTER ONLY)** ### Auditor groups **(PREMIUM SELF)**
> Introduced in [GitLab Starter](https://about.gitlab.com/pricing/) 11.4. > Introduced in [GitLab Starter](https://about.gitlab.com/pricing/) 11.4.
......
...@@ -327,7 +327,7 @@ A group's **Details** page includes tabs for: ...@@ -327,7 +327,7 @@ A group's **Details** page includes tabs for:
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207164) in GitLab [Starter](https://about.gitlab.com/pricing/) 12.10 as > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207164) in GitLab [Starter](https://about.gitlab.com/pricing/) 12.10 as
a [beta feature](https://about.gitlab.com/handbook/product/#beta) a [beta feature](https://about.gitlab.com/handbook/product/#beta)
The group details view also shows the number of the following items created in the last 90 days: **(STARTER)** The group details view also shows the number of the following items created in the last 90 days: **(PREMIUM)**
- Merge requests. - Merge requests.
- Issues. - Issues.
...@@ -389,7 +389,7 @@ To share a given group, for example, 'Frontend' with another group, for example, ...@@ -389,7 +389,7 @@ To share a given group, for example, 'Frontend' with another group, for example,
All the members of the 'Engineering' group will have been added to 'Frontend'. All the members of the 'Engineering' group will have been added to 'Frontend'.
## Manage group memberships via LDAP **(STARTER ONLY)** ## Manage group memberships via LDAP **(PREMIUM SELF)**
Group syncing allows LDAP groups to be mapped to GitLab groups. This provides more control over per-group user management. To configure group syncing edit the `group_base` **DN** (`'OU=Global Groups,OU=GitLab INT,DC=GitLab,DC=org'`). This **OU** contains all groups that will be associated with GitLab groups. Group syncing allows LDAP groups to be mapped to GitLab groups. This provides more control over per-group user management. To configure group syncing edit the `group_base` **DN** (`'OU=Global Groups,OU=GitLab INT,DC=GitLab,DC=org'`). This **OU** contains all groups that will be associated with GitLab groups.
...@@ -400,7 +400,7 @@ For more information on the administration of LDAP and group sync, refer to the ...@@ -400,7 +400,7 @@ For more information on the administration of LDAP and group sync, refer to the
NOTE: NOTE:
If an LDAP user is a group member when LDAP Synchronization is added, and they are not part of the LDAP group, they will be removed from the group. If an LDAP user is a group member when LDAP Synchronization is added, and they are not part of the LDAP group, they will be removed from the group.
### Creating group links via CN **(STARTER ONLY)** ### Creating group links via CN **(PREMIUM SELF)**
To create group links via CN: To create group links via CN:
...@@ -428,7 +428,7 @@ To create group links via filter: ...@@ -428,7 +428,7 @@ To create group links via filter:
![Creating group links via filter](img/ldap_sync_filter_v13_1.png) ![Creating group links via filter](img/ldap_sync_filter_v13_1.png)
### Overriding user permissions **(STARTER ONLY)** ### Overriding user permissions **(PREMIUM SELF)**
In GitLab [8.15](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/822) and later, LDAP user permissions can now be manually overridden by an admin user. To override a user's permissions: In GitLab [8.15](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/822) and later, LDAP user permissions can now be manually overridden by an admin user. To override a user's permissions:
...@@ -616,7 +616,7 @@ To enable this feature, navigate to the group settings page. Select ...@@ -616,7 +616,7 @@ To enable this feature, navigate to the group settings page. Select
![Checkbox for share with group lock](img/share_with_group_lock.png) ![Checkbox for share with group lock](img/share_with_group_lock.png)
#### Member Lock **(STARTER)** #### Member Lock **(PREMIUM)**
Member lock lets a group owner prevent any new project membership to all of the Member lock lets a group owner prevent any new project membership to all of the
projects within a group, allowing tighter control over project membership. projects within a group, allowing tighter control over project membership.
...@@ -814,11 +814,11 @@ To enable prevent project forking: ...@@ -814,11 +814,11 @@ To enable prevent project forking:
- **Webhooks**: Configure [webhooks](../project/integrations/webhooks.md) for your group. - **Webhooks**: Configure [webhooks](../project/integrations/webhooks.md) for your group.
- **Kubernetes cluster integration**: Connect your GitLab group with [Kubernetes clusters](clusters/index.md). - **Kubernetes cluster integration**: Connect your GitLab group with [Kubernetes clusters](clusters/index.md).
- **Audit Events**: View [Audit Events](../../administration/audit_events.md) - **Audit Events**: View [Audit Events](../../administration/audit_events.md)
for the group. **(STARTER ONLY)** for the group. **(PREMIUM SELF)**
- **Pipelines quota**: Keep track of the [pipeline quota](../admin_area/settings/continuous_integration.md) for the group. - **Pipelines quota**: Keep track of the [pipeline quota](../admin_area/settings/continuous_integration.md) for the group.
- **Integrations**: Configure [integrations](../admin_area/settings/project_integration_management.md) for your group. - **Integrations**: Configure [integrations](../admin_area/settings/project_integration_management.md) for your group.
#### Group push rules **(STARTER)** #### Group push rules **(PREMIUM)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/34370) in [GitLab Starter](https://about.gitlab.com/pricing/) 12.8. > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/34370) in [GitLab Starter](https://about.gitlab.com/pricing/) 12.8.
> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/224129) in GitLab 13.4. > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/224129) in GitLab 13.4.
...@@ -839,7 +839,7 @@ When set, new subgroups have push rules set for them based on either: ...@@ -839,7 +839,7 @@ When set, new subgroups have push rules set for them based on either:
For information about setting a maximum artifact size for a group, see For information about setting a maximum artifact size for a group, see
[Maximum artifacts size](../admin_area/settings/continuous_integration.md#maximum-artifacts-size). [Maximum artifacts size](../admin_area/settings/continuous_integration.md#maximum-artifacts-size).
## User contribution analysis **(STARTER)** ## User contribution analysis **(PREMIUM)**
With [GitLab Contribution Analytics](contribution_analytics/index.md), With [GitLab Contribution Analytics](contribution_analytics/index.md),
you have an overview of the contributions (pushes, merge requests, you have an overview of the contributions (pushes, merge requests,
......
...@@ -8,7 +8,7 @@ type: reference, howto ...@@ -8,7 +8,7 @@ type: reference, howto
# Project access tokens # Project access tokens
NOTE: NOTE:
Project access tokens are supported for self-managed instances on Core and above. They are also supported on GitLab.com Bronze and above (excluding [trial licenses](https://about.gitlab.com/free-trial/)). Project access tokens are supported for self-managed instances on Free and above. They are also supported on GitLab SaaS Premium and above (excluding [trial licenses](https://about.gitlab.com/free-trial/)).
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/2587) in GitLab 13.0. > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/2587) in GitLab 13.0.
> - [Became available on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/235765) in GitLab 13.5 for paid groups only. > - [Became available on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/235765) in GitLab 13.5 for paid groups only.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment