gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'doc/integration/saml.md')
-rw-r--r-- doc/integration/saml.md 26
1 files changed, 16 insertions, 10 deletions
diff --git a/doc/integration/saml.md b/doc/integration/saml.md
index 0c07d203ab0..3423b1bde6d 100644
--- a/doc/integration/saml.md
+++ b/doc/integration/saml.md
@@ -1,8 +1,7 @@
---
stage: Govern
group: Authentication
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
-type: reference
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# SAML SSO for self-managed GitLab instances **(FREE SELF)**
@@ -39,13 +38,15 @@ For more information on:
gitlab_rails['omniauth_block_auto_created_users'] = false
```
-1. Optional. You can automatically link SAML users with existing GitLab users if their
- email addresses match by adding the following setting in `/etc/gitlab/gitlab.rb`:
+1. Optional. You should automatically link a first-time SAML sign-in with existing GitLab users if their
+ email addresses match. To do this, add the following setting in `/etc/gitlab/gitlab.rb`:
```ruby
gitlab_rails['omniauth_auto_link_saml_user'] = true
```
+ Only the GitLab account's primary email address is matched against the email in the SAML response.
+
Alternatively, a user can manually link their SAML identity to an existing GitLab
account by [enabling OmniAuth for an existing user](omniauth.md#enable-omniauth-for-an-existing-user).
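Review bot: The new first line of step 1 says "Optional. You should automatically link", which reads as optional and recommended at once; pick one. If the recommendation stays, the step is missing its precondition: linking is decided only by a match between the email in the SAML response and the account's primary email, so the text should tell the administrator to confirm that the identity provider's email attribute is verified and cannot be set or changed by the user before enabling `omniauth_auto_link_saml_user`. The added sentence about the primary email would also be easier to find above the `ruby` block than after it, so it is read before the setting is copied.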
@@ -716,12 +717,17 @@ your provider's support.
### Configure assertions
-| Field | Supported default keys |
-|-----------------|------------------------|
-| Email (required)| `email`, `mail` |
-| Full Name | `name` |
-| First Name | `first_name`, `firstname`, `firstName` |
-| Last Name | `last_name`, `lastname`, `lastName` |
+> Microsoft Azure/Entra ID attribute support [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/420766) in GitLab 16.7.
+
+NOTE:
+The attributes are case-sensitive.
+
+| Field | Supported default keys |
+|-----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Email (required)| `email`, `mail`, `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`, `http://schemas.microsoft.com/ws/2008/06/identity/claims/emailaddress` |
+| Full Name | `name`, `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`, `http://schemas.microsoft.com/ws/2008/06/identity/claims/name` |
+| First Name | `first_name`, `firstname`, `firstName`, `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`, `http://schemas.microsoft.com/ws/2008/06/identity/claims/givenname` |
+| Last Name | `last_name`, `lastname`, `lastName`, `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`, `http://schemas.microsoft.com/ws/2008/06/identity/claims/surname` |
See [`attribute_statements`](#map-saml-response-attribute-names) for:
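Review bot: The expanded table now lists up to five default keys per field but does not say which one is used when a SAML response carries more than one of them, for example `email` together with one of the `emailaddress` claim URIs holding a different value. Because the Email field is what the auto-link step earlier in this file matches on, the order of precedence should be documented next to the table. The "The attributes are case-sensitive" note would also be clearer if it said it applies to the keys in this table, and the 16.7 line could name which keys are the Microsoft Azure/Entra ID ones.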