Add latest changes from gitlab-org/gitlab@master

7 files changed, 78 insertions, 8 deletions

diff --git a/doc/api/packages/npm.md b/doc/api/packages/npm.md
index bf48fbc8f65..664737e317a 100644
--- a/doc/api/packages/npm.md
+++ b/doc/api/packages/npm.md
@@ -124,6 +124,7 @@ different scopes:
 
 - Use the instance-level prefix to make requests in the scope of the entire instance.
 - Use the project-level prefix to make requests in a single project's scope.
+- Use the group-level prefix to make requests in a group’s scope.
 
 The examples in this document all use the project-level prefix.
 
@@ -147,6 +148,22 @@ The examples in this document all use the project-level prefix.
 | --------- | ------ | -------- | ----------- |
 | `id`      | string | yes      | The project ID or full project path. |
 
+### Group-level
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/299834) in GitLab 16.0 [with a flag](../../administration/feature_flags.md) named `npm_group_level_endpoints`. Disabled by default.
+
+FLAG:
+On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../../administration/feature_flags.md) named `npm_group_level_endpoints`.
+The feature is not ready for production use.
+
+```plaintext
+ /groups/:id/-/packages/npm`
+```
+
+| Attribute | Type   | Required | Description |
+| --------- | ------ | -------- | ----------- |
+| `id`      | string | yes      | The group ID or full group path. |
+
 ## Metadata
 
 Returns the metadata for a given package.
diff --git a/doc/api/users.md b/doc/api/users.md
index a2293090209..4d6bdb26020 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -6,7 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # Users API **(FREE)**
 
-This documentation has information on API calls, parameters and responses for the Users API. 
+This documentation has information on API calls, parameters and responses for the Users API.
 
 For information on user activities that update the user event timestamps, see [get user activities](#get-user-activities).
 
@@ -875,7 +875,7 @@ Parameters:
 | :------------------------------- | :------- | :--------------------------------------------------------------------------- |
 | `view_diffs_file_by_file`        | Yes      | Flag indicating the user sees only one file diff per page.                   |
 | `show_whitespace_in_diffs`       | Yes      | Flag indicating the user sees whitespace changes in diffs.                   |
-| `pass_user_identities_to_ci_jwt` | Yes      | Flag indicating the user passes their external identities as CI information. This attribute does not contain enough information to identify or authorize the user in an external system. The attribute is internal to GitLab, and must not be passed to third-party services. |
+| `pass_user_identities_to_ci_jwt` | Yes      | Flag indicating the user passes their external identities as CI information. This attribute does not contain enough information to identify or authorize the user in an external system. The attribute is internal to GitLab, and must not be passed to third-party services. For more information and examples, see [Token Payload](../ci/secrets/id_token_authentication.md#token-payload). |
 
 ## User follow
 
diff --git a/doc/ci/secrets/id_token_authentication.md b/doc/ci/secrets/id_token_authentication.md
index 1ff2a6efbcf..12e0402be25 100644
--- a/doc/ci/secrets/id_token_authentication.md
+++ b/doc/ci/secrets/id_token_authentication.md
@@ -60,6 +60,7 @@ The token also includes custom claims provided by GitLab:
 | `user_id`               | Always                       | ID of the user executing the job. |
 | `user_login`            | Always                       | Username of the user executing the job. |
 | `user_email`            | Always                       | Email of the user executing the job. |
+| `user_identities`       | User Preference setting      | List of the user's external identities ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/387537) in GitLab 16.0). |
 | `pipeline_id`           | Always                       | ID of the pipeline. |
 | `pipeline_source`       | Always                       | [Pipeline source](../jobs/job_control.md#common-if-clauses-for-rules). |
 | `job_id`                | Always                       | ID of the job. |
@@ -83,6 +84,10 @@ The token also includes custom claims provided by GitLab:
   "user_id": "1",
   "user_login": "sample-user",
   "user_email": "sample-user@example.com",
+  "user_identities": [
+      {"provider": "github", "extern_uid": "2435223452345"},
+      {"provider": "bitbucket", "extern_uid": "john.smith"},
+  ],
   "pipeline_id": "574",
   "pipeline_source": "push",
   "job_id": "302",
diff --git a/doc/user/compliance/compliance_report/index.md b/doc/user/compliance/compliance_report/index.md
index d04aeec066f..90167b0b5c7 100644
--- a/doc/user/compliance/compliance_report/index.md
+++ b/doc/user/compliance/compliance_report/index.md
@@ -35,6 +35,8 @@ When you select a row in the compliance report, a drawer appears that provides:
 
 ### View the compliance violations report for a group
 
+> Target branch search [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/358414) in GitLab 16.0.
+
 Prerequisites:
 
 - You must be an administrator or have the Owner role for the group.
@@ -50,6 +52,12 @@ You can sort the compliance report on:
 - Type of violation.
 - Merge request title.
 
+You can filter the compliance violations report on:
+
+- Project.
+- Date range of merge.
+- Target branch.
+
 Select a row to see details of the compliance violation.
 
 #### Severity levels
diff --git a/doc/user/group/saml_sso/scim_setup.md b/doc/user/group/saml_sso/scim_setup.md
index 38a1c4125aa..e05c28bd3f7 100644
--- a/doc/user/group/saml_sso/scim_setup.md
+++ b/doc/user/group/saml_sso/scim_setup.md
@@ -190,8 +190,7 @@ During provisioning:
 
 - Both primary and secondary emails are considered when checking whether a GitLab user account exists.
 - Duplicate usernames are handled by adding suffix `1` when creating the user. For example, if `test_user` already
-  exists, `test_user1` is used. If `test_user1` already exists, GitLab increments the suffix until an unused username
-  is found.
+  exists, `test_user1` is used. If `test_user1` already exists, GitLab increments the suffix to find an unused username. If no unused username is found after 4 tries, a random string is attached to the username.
 
 On subsequent visits, new and existing users can access groups either:
 
diff --git a/doc/user/packages/npm_registry/index.md b/doc/user/packages/npm_registry/index.md
index 52fdda0d523..33ae73dddc2 100644
--- a/doc/user/packages/npm_registry/index.md
+++ b/doc/user/packages/npm_registry/index.md
@@ -119,15 +119,16 @@ Your package should now publish to the Package Registry when the pipeline runs.
 
 If multiple packages have the same name and version, when you install a package, the most recently-published package is retrieved.
 
-You can install a package from a GitLab project or instance:
+You can install a package from a GitLab project, group, or instance:
 
 - **Instance-level**: Use when you have many npm packages in different GitLab groups or in their own namespace.
+- **Group-level**: Use when you have many npm packages in different projects in the same GitLab group.
 - **Project-level**: Use when you have few npm packages and they are not in the same GitLab group.
 
 ### Authenticate to the Package Registry
 
-You must authenticate to the Package Registry to install a package from a private project.
-No authentication is needed if the project is public.
+You must authenticate to the Package Registry to install a package from a private project or a private group.
+No authentication is needed if the project or the group is public.
 
 To authenticate with `npm`:
 
@@ -145,7 +146,13 @@ If you're installing:
   npm config set -- //your_domain_name/api/v4/packages/npm/:_authToken=your_token
   ```
 
-  From the project level:
+- From the group level:
+
+  ```shell
+  npm config set -- //your_domain_name/api/v4/groups/your_group_id/-/packages/npm/:_authToken=your_token
+  ```
+
+- From the project level:
 
   ```shell
   npm config set -- //your_domain_name/api/v4/projects/your_project_id/packages/npm/:_authToken=your_token
@@ -154,6 +161,7 @@ If you're installing:
 In these examples:
 
 - Replace `your_domain_name` with your domain name, for example, `gitlab.com`.
+- Replace `your_group_id` with your group ID, found on the group's home page.
 - Replace `your_project_id` is your project ID, found on the project's home page.
 - Replace `your_token` with a deploy token, group access token, project access token, or personal access token.
 
@@ -185,6 +193,32 @@ To install a package from the instance level, the package must have been publish
    npm install @scope/my-package
    ```
 
+### Install from the group level
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/299834) in GitLab 16.0 [with a flag](../../../administration/feature_flags.md) named `npm_group_level_endpoints`. Disabled by default.
+
+FLAG:
+On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../../../administration/feature_flags.md) named `npm_group_level_endpoints`.
+The feature is not ready for production use.
+
+1. [Authenticate to the Package Registry](#authenticate-to-the-package-registry).
+
+1. Set the registry
+
+   ```shell
+   npm config set @scope:registry=https://your_domain_name/api/v4/groups/your_group_id/-/packages/npm/
+   ```
+
+   - Replace `@scope` with the [root level group](#naming-convention) of the group you're installing to the package from.
+   - Replace `your_domain_name` with your domain name, for example, `gitlab.com`.
+   - Replace `your_group_id` is your group ID, found on the group's home page.
+
+1. Install the package
+
+   ```shell
+   npm install @scope/my-package
+   ```
+
 ### Install from the project level
 
 1. [Authenticate to the Package Registry](#authenticate-to-the-package-registry).
diff --git a/doc/user/profile/preferences.md b/doc/user/profile/preferences.md
index da4d2da70fe..e72113dc321 100644
--- a/doc/user/profile/preferences.md
+++ b/doc/user/profile/preferences.md
@@ -182,6 +182,13 @@ NOTE:
 This feature is experimental, and choosing absolute times might break certain layouts.
 Open an issue if you notice that using absolute times breaks a layout.
 
+## User identities in CI job JSON web tokens
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/387537) in GitLab 16.0. False by default.
+
+You can select to include the list of your external identities in the JSON Web Token information that is generated for a CI job.
+For more information and examples, see [Token Payload](../../ci/secrets/id_token_authentication.md#token-payload).
+
 ## Integrations
 
 Configure your preferences with third-party services which provide enhancements to your GitLab experience.