Diffstat (limited to 'doc/user/group/saml_sso/group_sync.md')
-rw-r--r-- | doc/user/group/saml_sso/group_sync.md | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/doc/user/group/saml_sso/group_sync.md b/doc/user/group/saml_sso/group_sync.md index 8bc316f9396..322b417d466 100644 --- a/doc/user/group/saml_sso/group_sync.md +++ b/doc/user/group/saml_sso/group_sync.md @@ -70,9 +70,9 @@ role. Users granted: - A higher role with Group Sync are displayed as having - [direct membership](../../project/members/#display-direct-members) of the group. + [direct membership](../../project/members/index.md#display-direct-members) of the group. - A lower or the same role with Group Sync are displayed as having - [inherited membership](../../project/members/#display-inherited-members) of the group. + [inherited membership](../../project/members/index.md#display-inherited-members) of the group. ### Automatic member removal @@ -167,3 +167,18 @@ graph TB > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/290367) in GitLab 15.3. You can use the GitLab API to [list, add, and delete](../../../api/groups.md#saml-group-links) SAML group links. + +## Troubleshooting + +This section contains possible solutions for problems you might encounter. + +### User that belongs to many SAML groups automatically removed from GitLab group + +When using Azure AD as the SAML identity provider, users that belong to many SAML groups can be automatically removed from your GitLab group. Users are removed from GitLab +groups if the group claim is missing from the user's SAML assertion. + +Because of a [known issue with Azure AD](https://support.esri.com/en/technical-article/000022190), if a user belongs to more than 150 SAML groups, the group claim is not sent +in the user's SAML assertion. + +To work around this issue, allow more than 150 group IDs to be sent in SAML token using configuration steps in the +[Azure AD documentation](https://support.esri.com/en/technical-article/000022190). |
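Review bot: In the new Troubleshooting section, the workaround link labelled "Azure AD documentation" targets the same `https://support.esri.com/en/technical-article/000022190` URL as the "known issue with Azure AD" link two sentences earlier, so the label promises identity-provider documentation while the target is an Esri support article. Point the workaround link at the identity provider's own page for the configuration steps, or relabel it so the link text matches the target. The same sentence is missing an article and should read "to be sent in the SAML token". Because the section states that users are removed when the group claim is missing from the assertion, it would also help to add one sentence telling administrators to confirm that the group claim is absent from the affected user's SAML assertion before applying the workaround, so that removals with a different cause are not attributed to the 150-group limit.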