diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-13 15:15:42 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-13 15:15:42 +0300 |
| commit | b4d5fdae4298581813f0bd5fec029da91f9dfe05 (patch) | |
| tree | 08b92c331a866b58793db93fbb08a07672de9610 /doc/user/group/saml_sso/index.md | |
| parent | e91ff9d11fe29eb0a30e68b95e8c5700986575c8 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user/group/saml_sso/index.md')
| -rw-r--r-- | doc/user/group/saml_sso/index.md | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md index 2d0e642b3ef..8e574c4fbd1 100644 --- a/doc/user/group/saml_sso/index.md +++ b/doc/user/group/saml_sso/index.md @@ -325,10 +325,7 @@ After you have configured your identity provider, you can: To change the identity provider: -- If the `NameID` is not identical in the existing and new identity providers, - tell users to: - 1. [Unlink the current SAML identity](#unlinking-accounts). - 1. [Link their identity](#user-access-and-management) to the new identity provider. +- If the `NameID` is not identical in the existing and new identity providers, [change the NameID for users](#change-nameid-for-one-or-more-users). - If the `NameID` is identical, users do not have to make any changes. ### Migrate to a different identity provider @@ -340,19 +337,17 @@ users cannot access any of the SAML groups. To mitigate this, you can disable To migrate identity providers: 1. [Configure](#configure-your-identity-provider) the group with the new identity provider. -1. Tell users to: - 1. [Unlink their account from the group](#unlinking-accounts). - 1. [Link their account to the new SAML app](#linking-saml-to-your-existing-gitlabcom-account). +1. [Change the NameID for users](#change-nameid-for-one-or-more-users). ### Change email domains To migrate users to a new email domain, tell users to: 1. Add their new email as the primary email to their accounts and verify it. -1. [Unlink their account from the group](#unlinking-accounts). -1. [Link their account to the group](#linking-saml-to-your-existing-gitlabcom-account). 1. Optional. Remove their old email from the account. +If the NameID is configured with the email address, [change the NameID for users](#change-nameid-for-one-or-more-users). + ## User access and management > - SAML user provisioning [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/268142) in GitLab 13.7. @@ -395,7 +390,8 @@ On subsequent visits, you should be able to go [sign in to GitLab.com with SAML] > Update of SAML identities using the SAML API [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227841) in GitLab 15.5. -Group owners can update the SAML identities for their group members using the [SAML API](../../../api/saml.md). +Group owners can update the SAML identities for their group members using the [SAML API](../../../api/saml.md#update-extern_uid-field-for-a-saml-identity). +If [SCIM](scim_setup.md) is configured, group owners can update the SCIM identities using the [SCIM API](../../../api/scim.md#update-extern_uid-field-for-a-scim-identity). Alternatively, ask the users to reconnect their SAML account. |