Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/administration/auth/index.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/administration/auth/index.md')
-rw-r--r--doc/administration/auth/index.md30
1 files changed, 29 insertions, 1 deletions
diff --git a/doc/administration/auth/index.md b/doc/administration/auth/index.md
index d469988e719..d09344629e2 100644
--- a/doc/administration/auth/index.md
+++ b/doc/administration/auth/index.md
@@ -2,7 +2,7 @@
comments: false
type: index
stage: Manage
-group: Authentication & Authorization
+group: Authentication and Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
@@ -50,3 +50,31 @@ For more information, see the links shown on this page for each external provide
| **Authentication** | SAML at top-level group (1 provider) | LDAP (multiple providers)<br>Generic OAuth2<br>SAML (only 1 permitted per unique provider)<br>Kerberos<br>JWT<br>Smartcard<br>OmniAuth Providers (only 1 permitted per unique provider) |
| **Provider-to-GitLab Role Sync** | SAML Group Sync | LDAP Group Sync |
| **User Removal** | SCIM (remove user from top-level group) | LDAP (Blocking User from Instance) |
+
+## Change apps or configuration
+
+When GitLab doesn't support having multiple providers (such as OAuth), GitLab configuration and user identification must be
+updated at the same time if the provider or app is changed.
+
+These instructions apply to all methods of authentication where GitLab stores an `extern_uid` and it is the only data used
+for user authentication.
+
+When changing apps within a provider, if the user `extern_uid` does not change, only the GitLab configuration must be
+updated.
+
+To swap configurations:
+
+1. Change provider configuration in your `gitlab.rb` file.
+1. Update `extern_uid` for all users that have an identity in GitLab for the previous provider.
+
+To find the `extern_uid`, look at an existing user's current `extern_uid` for an ID that matches the appropriate field in
+your current provider for the same user.
+
+There are two methods to update the `extern_uid`:
+
+- Using the [Users API](../../api/users.md#user-modification). Pass the provider name and the new `extern_uid`.
+- Using the [Rails console](../operations/rails_console.md):
+
+ ```ruby
+ Identity.where(extern_uid: 'old-id').update!(extern_uid: 'new-id')`
+ ```
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-14 15:16:35 +0300