Commit ebf94dea authored by Tristan Williams's avatar Tristan Williams Committed by Marcel Amirault

Restore old blocking access section and enhance

parent fac363ef
......@@ -137,8 +137,6 @@ When SSO is enforced, users are not immediately revoked. If the user:
- Has an active session, they can continue accessing the group for up to 24 hours until the identity
provider session times out.
When SCIM updates, the user's access is immediately revoked.
## Providers
The SAML standard means that you can use a wide range of identity providers with GitLab. Your identity provider might have relevant documentation. It can be generic SAML documentation or specifically targeted for GitLab.
......@@ -304,7 +302,14 @@ If a user is already a member of the group, linking the SAML identity does not c
### Blocking access
Please refer to [Blocking access via SCIM](scim_setup.md#blocking-access).
To rescind a user's access to the group when only SAML SSO is configured, either:
- Remove (in order) the user from:
1. The user data store on the identity provider or the list of users on the specific app.
1. The GitLab.com group.
- Use Group Sync at the top-level of your group to [automatically remove the user](#automatic-member-removal).
To rescind a user's access to the group when also using SCIM, refer to [Blocking access](scim_setup.md#blocking-access).
### Unlinking accounts
......
......@@ -184,8 +184,7 @@ For role information, please see the [Group SAML page](index.md#user-access-and-
### Blocking access
To rescind access to the top-level group, all sub-groups, and projects, remove or deactivate the user
on the identity provider. SCIM providers generally update GitLab with the changes on demand, which
is minutes at most. The user's membership is revoked and they immediately lose access.
on the identity provider. After the identity provider performs a sync, based on its configured schedule, the user's membership is revoked and they lose access.
NOTE:
Deprovisioning does not delete the GitLab user account.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment