Add latest changes from gitlab-org/gitlab@master

10 files changed, 40 insertions, 12 deletions

diff --git a/doc/administration/troubleshooting/group_saml_scim.md b/doc/administration/troubleshooting/group_saml_scim.md
index 7c2733d9d63..e2ce72d5a16 100644
--- a/doc/administration/troubleshooting/group_saml_scim.md
+++ b/doc/administration/troubleshooting/group_saml_scim.md
@@ -38,6 +38,24 @@ SCIM mapping:
 
 ![Azure AD SCIM](img/AzureAD-scim_attribute_mapping.png)
 
+## Okta
+
+Basic SAML app configuration:
+
+![Okta basic SAML](img/Okta-SAMLsetup.png)
+
+User claims and attributes:
+
+![Okta Attributes](img/Okta-attributes.png)
+
+Advanced SAML app settings (defaults):
+
+![Okta Advanced Settings](img/Okta-advancedsettings.png)
+
+IdP Links and Certificate:
+
+![Okta Links and Certificate](img/Okta-linkscert.png)
+
 ## OneLogin
 
 Application details:
diff --git a/doc/administration/troubleshooting/img/Okta-SAMLsetup.png b/doc/administration/troubleshooting/img/Okta-SAMLsetup.png
new file mode 100644
index 00000000000..8171febb5bc
--- /dev/null
+++ b/doc/administration/troubleshooting/img/Okta-SAMLsetup.png
diff --git a/doc/administration/troubleshooting/img/Okta-advancedsettings.png b/doc/administration/troubleshooting/img/Okta-advancedsettings.png
new file mode 100644
index 00000000000..43eb546f238
--- /dev/null
+++ b/doc/administration/troubleshooting/img/Okta-advancedsettings.png
diff --git a/doc/administration/troubleshooting/img/Okta-attributes.png b/doc/administration/troubleshooting/img/Okta-attributes.png
new file mode 100644
index 00000000000..e4a7b33fe55
--- /dev/null
+++ b/doc/administration/troubleshooting/img/Okta-attributes.png
diff --git a/doc/administration/troubleshooting/img/Okta-linkscert.png b/doc/administration/troubleshooting/img/Okta-linkscert.png
new file mode 100644
index 00000000000..33e6b3cc53e
--- /dev/null
+++ b/doc/administration/troubleshooting/img/Okta-linkscert.png
diff --git a/doc/subscriptions/index.md b/doc/subscriptions/index.md
index 1c8ecec139d..9cf58353991 100644
--- a/doc/subscriptions/index.md
+++ b/doc/subscriptions/index.md
@@ -173,7 +173,7 @@ To see the status of your GitLab.com subscription, log into GitLab.com and go to
   1. Go to **User Avatar > Settings**.
   1. Click **Billing**.
 - For groups:
-  1. From the group page (*not* from a project within the group), go to **Settings > Billing**.
+  1. From the group page (*not* from a project within the group), go to **Administration > Billing**.
 
 The following table describes details of your subscription for groups:
 
@@ -427,7 +427,7 @@ CI pipeline minutes are the execution time for your [pipelines](../ci/pipelines/
 
 Quotas apply to:
 
-- Groups, where the minutes are shared across all members of the group, its subgroups, and nested projects. To view the group's usage, navigate to the group, then **{settings}** **Settings > Usage Quotas**.
+- Groups, where the minutes are shared across all members of the group, its subgroups, and nested projects. To view the group's usage, navigate to the group, then **{settings}** **Administration > Usage Quotas**.
 - Your personal account, where the minutes are available for your personal projects. To view and buy personal minutes, click your avatar, then **{settings}** **Settings > Pipeline quota**.
 
 Only pipeline minutes for GitLab shared runners are restricted. If you have a specific runner set up for your projects, there is no limit to your build time on GitLab.com.
@@ -448,10 +448,10 @@ main quota. Additional minutes:
 
 To purchase additional minutes for your group on GitLab.com:
 
-1. From your group, go to **{settings}** **Settings > Usage Quotas**.
+1. From your group, go to **{settings}** **Administration > Usage Quotas**.
 1. Locate the subscription card that's linked to your group on GitLab.com, click **Buy more CI minutes**, and complete the details about the transaction.
 1. Once we have processed your payment, the extra CI minutes will be synced to your group.
-1. To confirm the available CI minutes, go to your group, then **{settings}** **Settings > Usage Quotas**.
+1. To confirm the available CI minutes, go to your group, then **{settings}** **Administration > Usage Quotas**.
    The **Additional minutes** displayed now includes the purchased additional CI minutes, plus any minutes rolled over from last month.
 
 To purchase additional minutes for your personal namespace:
diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md
index c47cbfa9aa8..8d8c735338a 100644
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -255,6 +255,8 @@ configured to act as a remote proxy and add the `Gitlab-DAST-Permission` header.
 
 ### API scan
 
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10928) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.10.
+
 Using an API specification as a scan's target is a useful way to seed URLs for scanning an API.
 Vulnerability rules in an API scan are different than those in a normal website scan.
 
diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md
index cf8d63e1512..1243cf7c2f5 100644
--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -24,7 +24,7 @@ Note the following:
 
 ## Configuring your Identity Provider
 
-1. Navigate to the group and click **Settings > SAML SSO**.
+1. Navigate to the group and click **Administration > SAML SSO**.
 1. Configure your SAML server using the **Assertion consumer service URL** and **Identifier**. Alternatively GitLab provides [metadata XML configuration](#metadata-configuration). See [your identity provider's documentation](#providers) for more details.
 1. Configure the SAML response to include a NameID that uniquely identifies each user.
 1. Configure required assertions using the [table below](#assertions).
@@ -116,7 +116,7 @@ This feature is similar to the [Credentials inventory for self-managed instances
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/34648) in GitLab 12.9.
 
 Groups with group-managed accounts can disallow forking of projects to destinations outside the group.
-To do so, enable the "Prohibit outer forks" option in **Settings > SAML SSO**.
+To do so, enable the "Prohibit outer forks" option in **Administration > SAML SSO**.
 When enabled, projects within the group can only be forked to other destinations within the group (including its subgroups).
 
 ##### Other restrictions for Group-managed accounts
@@ -146,7 +146,7 @@ assertions to be able to create a user.
 
 GitLab provides metadata XML that can be used to configure your Identity Provider.
 
-1. Navigate to the group and click **Settings > SAML SSO**.
+1. Navigate to the group and click **Administration > SAML SSO**.
 1. Copy the provided **GitLab metadata URL**.
 1. Follow your Identity Provider's documentation and paste the metadata URL when it is requested.
 
@@ -154,7 +154,7 @@ GitLab provides metadata XML that can be used to configure your Identity Provide
 
 Once you've set up your identity provider to work with GitLab, you'll need to configure GitLab to use it for authentication:
 
-1. Navigate to the group's **Settings > SAML SSO**.
+1. Navigate to the group's **Administration > SAML SSO**.
 1. Find the SSO URL from your Identity Provider and enter it the **Identity provider single sign on URL** field.
 1. Find and enter the fingerprint for the SAML token signing certificate in the **Certificate** field.
 1. Click the **Enable SAML authentication for this group** toggle switch.
@@ -234,6 +234,13 @@ Set other user attributes and claims according to the [assertions table](#assert
 
 Under Okta's **Single sign on URL** field, check the option **Use this for Recipient URL and Destination URL**.
 
+Please note that Okta's generic SAML app does not have a **Login URL** field, where the **Identity provider single sign on URL** would normally go. The **Identity provider single sign on URL** may be required the first time a user is logging in if they are having any difficulties.
+
+We recommend:
+
+- **Application username** (NameID) set to **Custom** `user.getInternalProperty("id")`.
+- **Name ID Format** set to **Persistent**.
+
 Set attribute statements according to the [assertions table](#assertions).
 
 ### OneLogin setup notes
@@ -281,14 +288,14 @@ If the information information you need isn't listed above you may wish to check
 To link SAML to your existing GitLab.com account:
 
 1. Sign in to your GitLab.com account.
-1. Locate the SSO URL for the group you are signing in to. A group Admin can find this on the group's **Settings > SAML SSO** page.
+1. Locate the SSO URL for the group you are signing in to. A group Admin can find this on the group's **Administration > SAML SSO** page.
 1. Visit the SSO URL and click **Authorize**.
 1. Enter your credentials on the Identity Provider if prompted.
 1. You will be redirected back to GitLab.com and should now have access to the group. In the future, you can use SAML to sign in to GitLab.com.
 
 ## Signing in to GitLab.com with SAML
 
-1. Locate the SSO URL for the group you are signing in to. A group Admin can find this on a group's **Settings > SAML SSO** page. If configured, it might also be possible to sign in to GitLab starting from your Identity Provider.
+1. Locate the SSO URL for the group you are signing in to. A group Admin can find this on a group's **Administration > SAML SSO** page. If configured, it might also be possible to sign in to GitLab starting from your Identity Provider.
 1. Visit the SSO URL and click the **Sign in with Single Sign-On** button.
 1. Enter your credentials on the Identity Provider if prompted.
 1. You will be signed in to GitLab.com and redirected to the group.
diff --git a/doc/user/group/saml_sso/scim_setup.md b/doc/user/group/saml_sso/scim_setup.md
index c8fef453cf4..aea7f1e93e7 100644
--- a/doc/user/group/saml_sso/scim_setup.md
+++ b/doc/user/group/saml_sso/scim_setup.md
@@ -30,7 +30,7 @@ The following identity providers are supported:
 
 Once [Single sign-on](index.md) has been configured, we can:
 
-1. Navigate to the group and click **Settings > SAML SSO**.
+1. Navigate to the group and click **Administration > SAML SSO**.
 1. Click on the **Generate a SCIM token** button.
 1. Save the token and URL so they can be used in the next step.
 
diff --git a/doc/user/project/integrations/prometheus.md b/doc/user/project/integrations/prometheus.md
index 5a070db9439..425687d21b8 100644
--- a/doc/user/project/integrations/prometheus.md
+++ b/doc/user/project/integrations/prometheus.md
@@ -671,7 +671,8 @@ To remove the alert, click back on the alert icon for the desired metric, and cl
 
 #### External Prometheus instances
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/9258) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.8.
+>- [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/9258) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.8.
+>- [Moved](https://gitlab.com/gitlab-org/gitlab/issues/42640) to [GitLab Core](https://about.gitlab.com/pricing/) in 12.10.
 
 For manually configured Prometheus servers, a notify endpoint is provided to use with Prometheus webhooks. If you have manual configuration enabled, an **Alerts** section is added to **Settings > Integrations > Prometheus**. This contains the *URL* and *Authorization Key*. The **Reset Key** button will invalidate the key and generate a new one.