diff options
Diffstat (limited to 'doc/user/group/saml_sso/index.md')
-rw-r--r-- | doc/user/group/saml_sso/index.md | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md index 5838b9821de..7795aed5fd0 100644 --- a/doc/user/group/saml_sso/index.md +++ b/doc/user/group/saml_sso/index.md @@ -396,11 +396,10 @@ convert the information to XML. An example SAML response is shown here. By default, users provisioned with SAML or SCIM are sent a verification email to verify their identity. Instead, you can [configure GitLab with a custom domain](../../enterprise_user/index.md#set-up-a-verified-domain) and GitLab automatically confirms user accounts. Users still receive an -[enterprise user](../../enterprise_user/index.md) welcome email. Confirmation is -bypassed for users: +[enterprise user](../../enterprise_user/index.md) welcome email. Confirmation is bypassed if both of the following are true: -- That are provisioned with SAML or SCIM. -- That have an email address that belongs to the verified domain. +- The user is provisioned with SAML or SCIM. +- The user has an email address that belongs to the verified domain. ### Block user access @@ -490,6 +489,18 @@ When the **Enforce SSO-only authentication for web activity for this group** opt - For non-members or users who are not signed in: - SSO is not enforced when they access public group resources. - SSO is enforced when they access private group resources. +- For items in the organization's group hierarchy, dashboard visibility is as + follows: + - SSO is enforced when viewing your [To-Do List](../../todos.md). Your + to-do items are hidden if your SSO session has expired, and an + [alert is shown](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/115254). + - SSO is enforced when viewing your list of assigned issues. Your issues are + hidden if your SSO session has expired. + [Issue 414475](https://gitlab.com/gitlab-org/gitlab/-/issues/414475) proposes to change this + behavior so that issues are visible. + - SSO is not enforced when viewing lists of merge requests where you are the + assignee or your review is requested. You can see merge requests even if + your SSO session has expired. SSO enforcement for web activity has the following effects when enabled: |