Commit 96e4ba61 authored by Evan Read's avatar Evan Read

Merge branch 'docs-zd-265220-SAML-Grou-Sync' into 'master'

Move and Improve SAML Group Sync warning to top

See merge request gitlab-org/gitlab!79895
parents 2d64625f b3708bf2
...@@ -339,6 +339,13 @@ For example, to unlink the `MyOrg` account: ...@@ -339,6 +339,13 @@ For example, to unlink the `MyOrg` account:
## Group Sync ## Group Sync
WARNING:
Changing Group Sync configuration can remove users from the relevant GitLab group.
Removal happens if there is any mismatch between the group names and the list of `groups` in the SAML response.
If changes must be made, ensure either the SAML response includes the `groups` attribute
and the `AttributeValue` value matches the **SAML Group Name** in GitLab,
or that all groups are removed from GitLab to disable Group Sync.
<i class="fa fa-youtube-play youtube" aria-hidden="true"></i> <i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
For a demo of Group Sync using Azure, see [Demo: SAML Group Sync](https://youtu.be/Iqvo2tJfXjg). For a demo of Group Sync using Azure, see [Demo: SAML Group Sync](https://youtu.be/Iqvo2tJfXjg).
...@@ -356,10 +363,6 @@ Ensure your SAML identity provider sends an attribute statement named `Groups` o ...@@ -356,10 +363,6 @@ Ensure your SAML identity provider sends an attribute statement named `Groups` o
</saml:AttributeStatement> </saml:AttributeStatement>
``` ```
WARNING:
Setting up Group Sync can disconnect users from SAML IDP if there is any mismatch in the configuration. Ensure the
`Groups` attribute is included in the SAML response, and the **SAML Group Name** matches the `AttributeValue` attribute.
Other attribute names such as `http://schemas.microsoft.com/ws/2008/06/identity/claims/groups` Other attribute names such as `http://schemas.microsoft.com/ws/2008/06/identity/claims/groups`
are not accepted as a source of groups. are not accepted as a source of groups.
See the [SAML troubleshooting page](../../../administration/troubleshooting/group_saml_scim.md) See the [SAML troubleshooting page](../../../administration/troubleshooting/group_saml_scim.md)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment