diff options
Diffstat (limited to 'doc/user/group')
27 files changed, 283 insertions, 161 deletions
diff --git a/doc/user/group/access_and_permissions.md b/doc/user/group/access_and_permissions.md index 0ccd4512039..428c87143f6 100644 --- a/doc/user/group/access_and_permissions.md +++ b/doc/user/group/access_and_permissions.md @@ -46,7 +46,7 @@ configured by an administrator. To change the permitted Git access protocols for a group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Permissions and group features** section. 1. Choose the permitted protocols from **Enabled Git access protocols**. @@ -71,7 +71,7 @@ Administrators can combine restricted access by IP address with To restrict group access by IP address: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Permissions and group features** section. 1. In the **Restrict access by IP address** text box, enter a list of IPv4 or IPv6 @@ -102,6 +102,15 @@ Keep in mind that restricting group access by IP address has the following impli IP access restrictions applied to self-managed instances are possible with [`gitlab-sshd`](../../administration/operations/gitlab_sshd.md) with [PROXY protocol](../../administration/operations/gitlab_sshd.md#proxy-protocol-support) enabled. - IP restriction is not applicable to shared resources belonging to a group. Any shared resource is accessible to a user even if that user is not able to access the group. +- While IP restrictions apply to public projects, they aren't a complete firewall and cached files for a project may still be accessible to users not in the IP block + +### GitLab.com access restrictions + +On GitLab.com shared runners are added to the [global allowlist](../../administration/settings/visibility_and_access_controls.md#configure-globally-allowed-ip-address-ranges), so that they are available regardless of IP restrictions. + +Artifact and Registry downloading from runners is sourced from any Google or, in the case of MacOS runners, Amazon IP address in that region. +The download is therefore not added to the global allowlist. +To allow runner downloading, add the [outbound runner CIDR ranges](../gitlab_com/index.md#ip-range) to your group allowlist. ## Restrict group access by domain **(PREMIUM ALL)** @@ -113,7 +122,7 @@ You can prevent users with email addresses in specific domains from being added To restrict group access by domain: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Permissions and group features** section. 1. In the **Restrict membership by email** field, enter the domain names. @@ -157,7 +166,7 @@ If you prevent group sharing outside the hierarchy for the **Animals** group: To prevent sharing outside of the group's hierarchy: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand **Permissions and group features**. 1. Select **Members cannot invite groups outside of `<group_name>` and its subgroups**. @@ -173,7 +182,7 @@ which can be confusing and difficult to control. To restrict the permission to invite project members to a single source, prevent a project from being shared with other groups: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Permissions and group features** section. 1. Select **Projects in `<group_name>` cannot be shared with other groups**. @@ -187,7 +196,7 @@ added to a project lose access when the setting is enabled. As a group Owner, you can prevent non-members from requesting access to your group. -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Permissions and group features** section. 1. Clear the **Allow users to request access** checkbox. @@ -207,7 +216,7 @@ If even one is set to `true`, then the group does not allow outside forks. To prevent projects from being forked outside the group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Permissions and group features** section. 1. Check **Prevent project forking outside current group**. @@ -232,7 +241,7 @@ The setting does not cascade. Projects in subgroups observe the subgroup configu To prevent members from being added to projects in a group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Permissions and group features** section. 1. Under **Membership**, select **Users cannot be added to projects in this group**. @@ -254,7 +263,7 @@ For more information on the administration of LDAP and group sync, refer to the NOTE: When you add LDAP synchronization, if an LDAP user is a group member and they are not part of the LDAP group, they are removed from the group. -You can use a workaround to [manage project access through LDAP groups](../project/settings/index.md#manage-project-access-through-ldap-groups). +You can use a workaround to [manage project access through LDAP groups](../project/working_with_projects.md#manage-project-access-through-ldap-groups). ### Create group links via CN **(PREMIUM SELF)** @@ -284,7 +293,7 @@ To create group links via filter: LDAP user permissions can be manually overridden by an administrator. To override a user's permissions: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. On the left sidebar, select **Manage > Members**. If LDAP synchronization has granted a user a role with: - More permissions than the parent group membership, that user is displayed as having diff --git a/doc/user/group/clusters/index.md b/doc/user/group/clusters/index.md index e41991f365c..5c0844dff92 100644 --- a/doc/user/group/clusters/index.md +++ b/doc/user/group/clusters/index.md @@ -21,7 +21,7 @@ your group, enabling you to use the same cluster across multiple projects. To view your group-level Kubernetes clusters: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Operate > Kubernetes**. ## Cluster management project @@ -89,7 +89,7 @@ your cluster, which can cause deployment jobs to fail. To clear the cache: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Operate > Kubernetes**. 1. Select your cluster. 1. Expand **Advanced settings**. diff --git a/doc/user/group/compliance_frameworks.md b/doc/user/group/compliance_frameworks.md index 35e8ad27bc3..7258791a983 100644 --- a/doc/user/group/compliance_frameworks.md +++ b/doc/user/group/compliance_frameworks.md @@ -15,7 +15,7 @@ requirements or needs additional oversight. The label can optionally enforce Compliance frameworks are created on top-level groups. Group owners can create, edit, and delete compliance frameworks: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings** > **General**. 1. Expand the **Compliance frameworks** section. 1. Create, edit, or delete compliance frameworks. @@ -31,7 +31,7 @@ Prerequisite: To assign a compliance framework to a project: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project. +1. On the left sidebar, select **Search or go to** and find your project. 1. Select **Settings** > **General**. 1. Expand **Compliance frameworks**. 1. Select a compliance framework. @@ -66,7 +66,7 @@ A compliance framework that is set to default has a **default** label. Group owners can set a compliance framework as default (or remove the setting): -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Compliance frameworks** section and locate the compliance framework to set (or remove) as default. 1. Select the vertical ellipsis (**{ellipsis_v}**) for the compliance frame and then select **Set default** (or @@ -155,7 +155,7 @@ Therefore, communicate with project users about compliance pipeline configuratio To configure a compliance pipeline: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings** > **General**. 1. Expand the **Compliance frameworks** section. 1. In **Compliance pipeline configuration (optional)**, add the path to the compliance framework configuration. Use the @@ -165,7 +165,7 @@ To configure a compliance pipeline: - `.compliance-ci.yaml@gitlab-org/gitlab`. This configuration is inherited by projects where the compliance framework label is -[applied](../project/settings/index.md#add-a-compliance-framework-to-a-project). In projects with the applied compliance +[applied](../project/working_with_projects.md#add-a-compliance-framework-to-a-project). In projects with the applied compliance framework label, the compliance pipeline configuration is run instead of the labeled project's own pipeline configuration. The user running the pipeline in the labeled project must at least have the Reporter role on the compliance project. diff --git a/doc/user/group/contribution_analytics/index.md b/doc/user/group/contribution_analytics/index.md index 9716143f5e2..96cc9ce974c 100644 --- a/doc/user/group/contribution_analytics/index.md +++ b/doc/user/group/contribution_analytics/index.md @@ -20,7 +20,7 @@ Use contribution analytics data visualizations to: To view contribution analytics: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Analyze > Contribution analytics**. Three bar charts and a table illustrate the number of contributions made by each group member: diff --git a/doc/user/group/custom_project_templates.md b/doc/user/group/custom_project_templates.md index 1a481641111..87c1c548abd 100644 --- a/doc/user/group/custom_project_templates.md +++ b/doc/user/group/custom_project_templates.md @@ -40,7 +40,7 @@ Projects in nested subgroups are not included in the template list. ## Which projects are available as templates - Public and internal projects can be selected by any authenticated user as a template for a new project, - if all [project features](../project/settings/index.md#configure-project-visibility-features-and-permissions) + if all [project features](../project/settings/index.md#configure-project-features-and-permissions) except for **GitLab Pages** and **Security and Compliance** are set to **Everyone With Access**. - Private projects can be selected only by users who are members of the projects. @@ -69,6 +69,35 @@ gitlab.com/myorganization/ ... ``` +## What is copied from the templates + +The entire custom instance-level project templates repository is copied, including: + +- Branches +- Commits +- Tags + +If the user: + +- Has the Owner role on the custom instance-level project templates project or is a GitLab administrator, + all project settings are copied over to the new project. +- Doesn't have the Owner role or is not a GitLab administrator, + project deploy keys and project webhooks aren't copied over because they contain sensitive data. + +To learn more about what is migrated, see +[Items that are exported](../project/settings/import_export.md#items-that-are-exported). + +## User assignments in templates + +When you use a template created by another user, any items that were assigned +to a user in the template are reassigned to you. It's important to understand +this reassignment when you configure security features like protected branches +and tags. For example, if the template contains a protected branch: + +- In the template, the branch allows the _template owner_ to merge into the default branch. +- In the project created from the template, the branch allows _you_ to merge into + the default branch. + <!-- ## Troubleshooting Include any troubleshooting steps that you can foresee. If you know beforehand what issues diff --git a/doc/user/group/devops_adoption/index.md b/doc/user/group/devops_adoption/index.md index 852d26f3816..5359d7b52a0 100644 --- a/doc/user/group/devops_adoption/index.md +++ b/doc/user/group/devops_adoption/index.md @@ -36,7 +36,7 @@ Prerequisite: To view DevOps Adoption: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Analyze > DevOps adoption** ## DevOps Adoption categories @@ -80,7 +80,7 @@ twelve months. The chart only shows data from when you enabled DevOps Adoption f To view feature adoption over time: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Analyze > DevOps adoption**. 1. Select the **Overview** tab. diff --git a/doc/user/group/epics/epic_boards.md b/doc/user/group/epics/epic_boards.md index 41231db5964..69b64861bd5 100644 --- a/doc/user/group/epics/epic_boards.md +++ b/doc/user/group/epics/epic_boards.md @@ -25,7 +25,7 @@ On the top of each list, you can see the number of epics in the list (**{epic}** To view an epic board: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Plan > Epic boards**.  @@ -38,7 +38,7 @@ Prerequisites: To create a new epic board: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Plan > Epic boards**. 1. In the upper-left corner, select the dropdown list with the current board name. 1. Select **Create new board**. @@ -87,7 +87,7 @@ Prerequisites: To create a new list: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Plan > Epic boards**. 1. In the upper-right corner, select **Create list**. 1. In the **New list** column expand the **Select a label** dropdown list and select the label to use as diff --git a/doc/user/group/epics/manage_epics.md b/doc/user/group/epics/manage_epics.md index e6116151012..b79177e1571 100644 --- a/doc/user/group/epics/manage_epics.md +++ b/doc/user/group/epics/manage_epics.md @@ -209,7 +209,7 @@ Prerequisites: To view epics in a group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Plan > Epics**. ### Who can view an epic @@ -254,7 +254,7 @@ You can filter the list of epics by: To filter: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Plan > Epics**. 1. Select the field **Search or filter results**. 1. From the dropdown list, select the scope or enter plain text to search by epic title or description. diff --git a/doc/user/group/import/index.md b/doc/user/group/import/index.md index b645ea04038..a049b4afcc1 100644 --- a/doc/user/group/import/index.md +++ b/doc/user/group/import/index.md @@ -30,7 +30,7 @@ If you migrate from GitLab.com to self-managed GitLab, an administrator can crea > - `bulk_import_projects` feature flag [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/339941) in GitLab 15.10. On self-managed GitLab, by default [migrating group items](#migrated-group-items) is not available. To show the -feature, an administrator can [enable it in application settings](../../../administration/settings/visibility_and_access_controls.md#enable-migration-of-groups-and-projects-by-direct-transfer). +feature, an administrator can [enable it in application settings](../../../administration/settings/import_and_export_settings.md#enable-migration-of-groups-and-projects-by-direct-transfer). Migrating groups by direct transfer copies the groups from one place to another. You can: @@ -47,7 +47,7 @@ Migrating groups by direct transfer copies the groups from one place to another. Not all group and project resources are copied. See list of copied resources below: - [Migrated group items](#migrated-group-items). -- [Migrated project items](#migrated-project-items-beta). +- [Migrated project items](#migrated-project-items). WARNING: Importing groups with projects is in [Beta](../../../policy/experiment-beta-support.md#beta). This feature is not @@ -157,16 +157,20 @@ To migrate groups by direct transfer: - The network connection between instances or GitLab.com must support HTTPS. - Any firewalls must not block the connection between the source and destination GitLab instances. - Both GitLab instances must have group migration by direct transfer - [enabled in application settings](../../../administration/settings/visibility_and_access_controls.md#enable-migration-of-groups-and-projects-by-direct-transfer) + [enabled in application settings](../../../administration/settings/import_and_export_settings.md#enable-migration-of-groups-and-projects-by-direct-transfer) by an instance administrator. - The source GitLab instance must be running GitLab 14.0 or later. -- You must have a [personal access token](../../../user/profile/personal_access_tokens.md) for the source GitLab - instance: - - For GitLab 15.1 and later source instances, the personal access token must have the `api` scope. - - For GitLab 15.0 and earlier source instances, the personal access token must have both the `api` and - `read_repository` scopes. +- You must have a + [personal access token](../../../user/profile/personal_access_tokens.md) for + the source GitLab instance: + - For GitLab 15.1 and later source instances, the personal access token must + have the `api` scope. + - For GitLab 15.0 and earlier source instances, the personal access token must + have both the `api` and `read_repository` scopes. - You must have the Owner role on the source group to migrate from. -- You must have at least the Maintainer role on the destination group to migrate to. +- Your must have a role on the destination namespace the enables you to + [create a subgroup](../../group/subgroups/index.md#create-a-subgroup) in that + namespace. ### Prepare user accounts @@ -287,7 +291,7 @@ Some group items are excluded from migration because they either: - May contain sensitive information: CI/CD variables, webhooks, and deploy tokens. - Are not supported: push rules. -### Migrated project items (Beta) +### Migrated project items **(BETA)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/267945) in GitLab 14.4 [with a flag](../../feature_flags.md) named `bulk_import_projects`. Disabled by default. > - [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/339941) in GitLab 15.6. @@ -460,7 +464,7 @@ To solve this, you must change the source group path to include a non-numerical - The GitLab UI: - 1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. + 1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand **Advanced**. 1. Under **Change group URL**, change the group URL to include non-numeric characters. @@ -593,7 +597,7 @@ Prerequisite: To enable import and export for a group: -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. On the left sidebar, select **Search or go to**. 1. Select **Admin Area**. 1. On the left sidebar, select **Settings > General**. 1. Expand **Visibility and access controls**. @@ -607,7 +611,7 @@ Prerequisites: To export the contents of a group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. In the **Advanced** section, select **Export group**. 1. After the export is generated, you should receive an email with a link to the [exported contents](#exported-contents) diff --git a/doc/user/group/index.md b/doc/user/group/index.md index 13fba43f8ef..484fd8c533b 100644 --- a/doc/user/group/index.md +++ b/doc/user/group/index.md @@ -49,14 +49,14 @@ the immediate parent group. To explore all public groups: -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **View all your groups**. +1. On the left sidebar, select **Search or go to**. +1. Select **View all my groups**. 1. At the top right, select **Explore groups**. To view groups where you have a direct or indirect membership: -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **View all your groups**. +1. On the left sidebar, select **Search or go to**. +1. Select **View all my groups**. This page shows groups that you are a member of: @@ -67,7 +67,7 @@ This page shows groups that you are a member of: To view the activity of a project: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Manage > Activity**. 1. Optional. To filter activity by contribution type, select a tab: @@ -106,7 +106,7 @@ For details about groups, watch [GitLab Namespaces (users, groups and subgroups) To remove a group and its contents: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Advanced** section. 1. In the **Remove group** section, select **Remove group**. @@ -115,8 +115,8 @@ To remove a group and its contents: A group can also be removed from the groups dashboard: -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **View all your groups**. +1. On the left sidebar, select **Search or go to**. +1. Select **View all my groups**. 1. Select (**{ellipsis_v}**) for the group you want to delete. 1. Select **Delete**. 1. In the Remove group section, select **Remove group**. @@ -143,7 +143,7 @@ Prerequisites: To immediately remove a group marked for deletion: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand **Advanced**. 1. In the "Permanently remove group" section, select **Remove group**. @@ -158,7 +158,7 @@ are deleted. To restore a group that is marked for deletion: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Advanced** section. 1. In the Restore group section, select **Restore group**. @@ -167,10 +167,12 @@ To restore a group that is marked for deletion: As a user, you can request to be a member of a group, if an administrator allows it. -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **View all your groups**. +1. On the left sidebar, select **Search or go to**. +1. Select **View all my groups**. 1. At the top right side, select **Explore groups**. -1. Under the group name, select **Request Access**. +1. Search for the group by name. +1. In the search results, select the name of the group. +1. On the group page, under the group name, select **Request Access**. As many as ten of the most-recently-active group owners receive an email with your request. Any group owner can approve or decline the request. @@ -182,7 +184,7 @@ If you change your mind before your request is approved, select To view a group's members: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Manage > Members**. A table displays the member's: @@ -219,7 +221,7 @@ In lists of group members, entries can display the following badges: - **SAML**, to indicate the member has a [SAML account](saml_sso/index.md) connected to them. - **Enterprise**, to indicate that the member is an [enterprise user](../enterprise_user/index.md). -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Manage > Members**. 1. Above the list of members, in the **Filter members** box, enter filter criteria. - To view members in the group only, select **Membership = Direct**. @@ -231,7 +233,7 @@ In lists of group members, entries can display the following badges: You can search for members by name, username, or [public email](../profile/index.md#set-your-public-email). -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Manage > Members**. 1. Above the list of members, in the **Filter members** box, enter search criteria. 1. To the right of the **Filter members** box, select the magnifying glass (**{search}**). @@ -240,7 +242,7 @@ You can search for members by name, username, or [public email](../profile/index You can sort members by **Account**, **Access granted**, **Max role**, or **Last sign-in**. -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Manage > Members**. 1. Above the list of members, in the upper-right corner, from the **Account** list, select the criteria to filter by. @@ -257,7 +259,7 @@ Prerequisite: - You must have the Owner role. -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Manage > Members**. 1. Select **Invite members**. 1. Fill in the fields. @@ -287,7 +289,7 @@ Prerequisites: To remove a member from a group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Manage > Members**. 1. Next to the member you want to remove, select the vertical ellipsis (**{ellipsis_v}**). 1. Select **Remove member**. @@ -325,7 +327,7 @@ By default, users with: To change the role that can create projects under a group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Permissions and group features** section. 1. Select the desired option in the **Roles allowed to create projects** dropdown list. diff --git a/doc/user/group/insights/index.md b/doc/user/group/insights/index.md index 5cb982a85e4..2ded1b08de2 100644 --- a/doc/user/group/insights/index.md +++ b/doc/user/group/insights/index.md @@ -23,7 +23,7 @@ Prerequisites: To access your group's insights: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Analyze > Insights**. ## Interact with insights charts @@ -65,7 +65,7 @@ To configure group insights: 1. Create a new file [`.gitlab/insights.yml`](../../project/insights/index.md#configure-project-insights) in a project that belongs to your group. -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand **Analytics** and find the **Insights** section. 1. Select the project that contains your `.gitlab/insights.yml` configuration file. diff --git a/doc/user/group/issues_analytics/img/issues_closed_analytics_v16_4.png b/doc/user/group/issues_analytics/img/issues_closed_analytics_v16_4.png Binary files differnew file mode 100644 index 00000000000..5e1fe4eaa8c --- /dev/null +++ b/doc/user/group/issues_analytics/img/issues_closed_analytics_v16_4.png diff --git a/doc/user/group/issues_analytics/index.md b/doc/user/group/issues_analytics/index.md index 46ba1747b06..4f1c7b4be7a 100644 --- a/doc/user/group/issues_analytics/index.md +++ b/doc/user/group/issues_analytics/index.md @@ -1,7 +1,7 @@ --- type: reference stage: Plan -group: Project Management +group: Optimize info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- @@ -15,9 +15,11 @@ prior. To access the chart: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. On the left sidebar, select **Analyze > Issue analytics**. +You can also access the chart from the [Value Streams Dashboard](../../analytics/value_streams_dashboard.md) through the **New issues** drill-down report. + Hover over each bar to see the total number of issues. To narrow the scope of issues included in the graph, enter your criteria in the @@ -36,6 +38,20 @@ shows a total of 15 months for the chart in the GitLab.org group.  +## Enhanced issue analytics **(ULTIMATE ALL)** + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/233905/) in GitLab 16.4 [with a flag](../../../administration/feature_flags.md) named `issues_completed_analytics_feature_flag`. Disabled by default. + +FLAG: +On self-managed GitLab, by default this feature is not available. To make it available, an administrator can +[enable the feature flag](../../../administration/feature_flags.md) named `issues_completed_analytics_feature_flag`. On GitLab.com, this feature is not +available. This feature is not ready for production use. + +Enhanced issue analytics display the additional metric "Issues closed", which represents the total number of resolved issues in your group over a selected period. +You can use this metric to improve the overall turn-around time and value delivered to your customers. + + + ## Drill into the information > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/196547) in GitLab 13.1. diff --git a/doc/user/group/iterations/index.md b/doc/user/group/iterations/index.md index 91e69f3a02d..8c0838cf33c 100644 --- a/doc/user/group/iterations/index.md +++ b/doc/user/group/iterations/index.md @@ -50,7 +50,7 @@ Prerequisites: To create an iteration cadence: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Plan > Iterations**. 1. Select **New iteration cadence**. 1. Enter the title and description of the iteration cadence. @@ -70,7 +70,7 @@ If you want to manually manage the created cadence, read [Manual Iteration Manag ### View the iterations list -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Plan > Iterations**. To view all the iterations in a cadence, ordered by descending date, select that iteration cadence. @@ -78,7 +78,7 @@ From there you can create a new iteration or select an iteration to get a more d NOTE: If a project has issue tracking -[turned off](../../project/settings/index.md#configure-project-visibility-features-and-permissions), +[turned off](../../project/settings/index.md#configure-project-features-and-permissions), to view the iterations list, enter its URL. To do so, add: `/-/cadences` to your project or group URL. For example `https://gitlab.com/gitlab-org/sample-data-templates/sample-gitlab-project/-/cadences`. This is tracked in [issue 339009](https://gitlab.com/gitlab-org/gitlab/-/issues/339009). @@ -91,7 +91,7 @@ Prerequisites: To edit an iteration cadence: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Plan > Iterations**. 1. Select **Edit iteration cadence**. @@ -105,7 +105,7 @@ doesn't delete the eight existing upcoming iterations. #### Turn on and off automatic scheduling for an iteration cadence -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Plan > Iterations**. 1. Next to the cadence for which you want to turn on or off automatic scheduling, select the three-dot menu (**{ellipsis_v}**) **> Edit cadence**. @@ -157,7 +157,7 @@ Deleting an iteration cadence also deletes all iterations within that cadence. To delete an iteration cadence: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Plan > Iterations**. 1. Select the three-dot menu (**{ellipsis_v}**) > **Delete cadence** for the cadence you want to delete. 1. Select **Delete cadence**. @@ -178,7 +178,7 @@ Prerequisites: To create an iteration: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. On the left sidebar, select **Plan > Iterations** and select an iteration cadence. 1. Select **New iteration**. 1. Enter the title, a description (optional), a start date, and a due date. @@ -277,7 +277,7 @@ and get a more accurate understanding of scope attributable to each label. To group issues by label: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Plan > Iterations**. 1. In the **Group by** dropdown list, select **Label**. 1. Select the **Filter by label** dropdown list. diff --git a/doc/user/group/manage.md b/doc/user/group/manage.md index 743aabd8f4b..65190847b05 100644 --- a/doc/user/group/manage.md +++ b/doc/user/group/manage.md @@ -29,7 +29,7 @@ Prerequisite: To add a group README: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. In the **Group README** section, select **Add README**. This action creates a new project `gitlab-profile` that contains the `README.md` file. 1. On the prompt for creating a README, select **Create and add README**. You're redirected to the Web IDE, where a README file is created. @@ -41,12 +41,12 @@ You can change the owner of a group. Each group must always have at least one member with the Owner role. - As an administrator: - 1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. + 1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Manage > Members**. 1. Give a different member the **Owner** role. 1. Refresh the page. You can now remove the **Owner** role from the original owner. - As the current group's owner: - 1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. + 1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Manage > Members**. 1. Give a different member the **Owner** role. 1. Have the new owner sign in and remove the **Owner** role from you. @@ -72,7 +72,7 @@ create a new group and transfer projects to it instead. To change your group path (group URL): -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Advanced** section. 1. Under **Change group URL**, enter a new name. @@ -130,14 +130,15 @@ After sharing the `Frontend` group with the `Engineering` group: - The **Groups** tab lists the `Engineering` group. - The **Groups** tab lists a group regardless of whether it is a public or private group. -- All direct members of the `Engineering` group have access to the `Frontend` group. Direct members of `Engineering` that gain access to the `Frontend` group keep their same access level as in `Engineering`, but up to the maximum access level selected when sharing the group. Inherited members of the `Engineering` group do not gain access to the `Frontend` group. +- All direct members of the `Engineering` group have access to the `Frontend` group. Direct members of `Engineering` that gain access to the `Frontend` group keep their same access level as in `Engineering`, but up to the maximum access level selected when sharing the group. +- Inherited members of the `Engineering` group do not gain access to the `Frontend` group. - Direct members of the `Engineering` group who have the **Group Invite** badge next to their profile on the group's usage quota page count towards the billable members of the `Frontend` group. ## Remove a shared group To unshare a group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Manage > Members**. 1. Select the **Groups** tab. 1. To the right of the account you want to remove, select **Remove group** (**{remove}**). @@ -174,7 +175,7 @@ When transferring groups, note: To transfer a group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Advanced** section. 1. In the **Remove group** section, select **Transfer group**. @@ -189,7 +190,7 @@ You can disable all email notifications related to the group, which includes its To disable email notifications: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Permissions and group features** section. 1. Select **Email notifications are disabled**. @@ -209,7 +210,7 @@ This is particularly helpful for groups with a large number of users. To disable group mentions: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Permissions and group features** section. 1. Select **Group mentions are disabled**. @@ -222,7 +223,7 @@ To disable group mentions: You can export a list of members in a group or subgroup as a CSV. -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group or subgroup. +1. On the left sidebar, select **Search or go to** and find your group or subgroup. 1. On the left sidebar, **Manage > Members**. 1. Select **Export as CSV**. 1. After the CSV file has been generated, it is emailed as an attachment to the user that requested it. @@ -252,7 +253,7 @@ Prerequisite: To specify a user cap: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. You can set a cap on the top-level group only. 1. Select **Settings > General**. 1. Expand **Permissions and group features**. @@ -274,7 +275,7 @@ Prerequisite: To remove the user cap: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand **Permissions and group features**. 1. In the **User cap** box, delete the value. @@ -295,7 +296,7 @@ Prerequisite: To approve members that are pending because they've exceeded the user cap: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. On the left sidebar, select **Settings > Usage Quotas**. 1. On the **Seats** tab, under the alert, select **View pending approvals**. 1. For each member you want to approve, select **Approve**. @@ -336,7 +337,7 @@ For more information, see [group-level project templates](custom_project_templat To enable group file templates: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Templates** section. 1. Choose a project to act as the template repository. @@ -369,7 +370,7 @@ Prerequisites: To enable this setting: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand **Merge requests**. 1. Under **Merge checks**, select **Pipelines must succeed**. @@ -388,7 +389,7 @@ Prerequisite: To change this behavior: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand **Merge requests**. 1. Under **Merge checks**: @@ -407,7 +408,7 @@ Prerequisite: To enable this setting: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand **Merge requests**. 1. Under **Merge checks**, select **All threads must be resolved**. @@ -425,7 +426,7 @@ that belong to the group. To view the merge request approval settings for a group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand the **Merge request approvals** section. 1. Select the settings you want. @@ -443,19 +444,19 @@ for the ability to set merge request approval rules for groups is tracked in WARNING: This feature is in [Beta](../../policy/experiment-beta-support.md#beta). -Beta users should read about the [known limitations](../project/repository/code_suggestions.md#known-limitations). -We look forward to hearing your [feedback](../project/repository/code_suggestions.md#feedback). +Beta users should read about the [known limitations](../project/repository/code_suggestions/index.md#known-limitations). +We look forward to hearing your [feedback](../project/repository/code_suggestions/index.md#feedback). -You can give all users in a group and its subgroups access to [Code Suggestions](../project/repository/code_suggestions.md). +You can give all users in a group and its subgroups access to [Code Suggestions](../project/repository/code_suggestions/index.md). - This setting [cascades to all projects](../project/merge_requests/approvals/settings.md#settings-cascading) in the group. - Each user can - [enable or disable Code Suggestions for themselves](../project/repository/code_suggestions.md#enable-code-suggestions-for-an-individual-user). + [Enable Code Suggestions](../../user/profile/preferences.md#enable-code-suggestions). To enable Code Suggestions for a group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand **Permissions and group features**. 1. Under **Code Suggestions**, select the **Projects in this group can use Code Suggestions** checkbox. @@ -476,7 +477,7 @@ that belong to the group. To enable Experiment features for a top-level group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand **Permissions and group features**. 1. Under **Experiment features**, select the **Use Experiment features** checkbox. @@ -496,7 +497,7 @@ that belong to the group. To disable third-party AI features for a group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand **Permissions and group features**. 1. Under **Third-party AI services**, uncheck the **Use third-party AI services** checkbox. @@ -521,7 +522,7 @@ Changes to [group wikis](../project/wiki/group.md) do not appear in group activi You can view the most recent actions taken in a group, either in your browser or in an RSS feed: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. On the left sidebar, select **Manage > Activity**. To view the activity feed in Atom format, select the diff --git a/doc/user/group/moderate_users.md b/doc/user/group/moderate_users.md index 7e67bb6ddb5..6859125b323 100644 --- a/doc/user/group/moderate_users.md +++ b/doc/user/group/moderate_users.md @@ -1,5 +1,5 @@ --- -stage: Anti-Abuse +stage: Govern group: Anti-Abuse info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- diff --git a/doc/user/group/reporting/git_abuse_rate_limit.md b/doc/user/group/reporting/git_abuse_rate_limit.md index abb967ad8b1..1b14edb04d9 100644 --- a/doc/user/group/reporting/git_abuse_rate_limit.md +++ b/doc/user/group/reporting/git_abuse_rate_limit.md @@ -1,5 +1,5 @@ --- -stage: Anti-Abuse +stage: Govern group: Anti-Abuse info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- diff --git a/doc/user/group/repositories_analytics/index.md b/doc/user/group/repositories_analytics/index.md index 3e7bacbb817..6f02b27a214 100644 --- a/doc/user/group/repositories_analytics/index.md +++ b/doc/user/group/repositories_analytics/index.md @@ -37,7 +37,7 @@ The **Analyze > Repository analytics** group page displays the average test cove To see the latest code coverage for each project in your group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Analyze > Repository analytics**. 1. In the **Latest test coverage results** section, from the **Select projects** dropdown list, choose the projects you want to check. @@ -52,7 +52,7 @@ You can get a CSV of the code coverage data for all of the projects in your grou To get the report: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Analyze > Repository analytics**. 1. Select **Download historic test coverage data (.csv)**. 1. Select the projects and date range you want to include in the report. diff --git a/doc/user/group/saml_sso/example_saml_config.md b/doc/user/group/saml_sso/example_saml_config.md index c5f84510c57..70e01e1d9a9 100644 --- a/doc/user/group/saml_sso/example_saml_config.md +++ b/doc/user/group/saml_sso/example_saml_config.md @@ -1,5 +1,5 @@ --- -stage: Manage +stage: Govern group: Authentication and Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments type: reference diff --git a/doc/user/group/saml_sso/group_sync.md b/doc/user/group/saml_sso/group_sync.md index c3edc01fe74..335c989c85f 100644 --- a/doc/user/group/saml_sso/group_sync.md +++ b/doc/user/group/saml_sso/group_sync.md @@ -1,6 +1,6 @@ --- type: reference, howto -stage: Manage +stage: Govern group: Authentication and Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- @@ -155,10 +155,11 @@ To integrate Microsoft Azure AD, you: To configure for a GitLab.com group: -1. Configure [SAML SSO for the group](../../../user/group/saml_sso/index.md). -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your top-level group. +1. On the left sidebar, select **Search or go to** and find your top-level group. 1. Select **Settings > SAML SSO**. +1. Configure [SAML SSO for the group](../../../user/group/saml_sso/index.md). 1. In the **Microsoft Azure integration** section, select the **Enable Microsoft Azure integration for this group** checkbox. + This section will only be visible if SAML SSO is configured and enabled for the group. 1. Enter the **Tenant ID**, **Client ID**, and **Client secret** obtained earlier when configuring Azure Active Directory in the Azure Portal. 1. Optional. If using Azure AD for US Government or Azure AD China, enter the appropriate **Login API endpoint** and **Graph API endpoint**. The default values work for most organizations. 1. Select **Save changes**. @@ -166,7 +167,7 @@ To configure for a GitLab.com group: To configure for self-managed: 1. Configure [SAML SSO for the instance](../../../integration/saml.md). -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. On the left sidebar, select **Search or go to**. 1. Select **Admin Area**. 1. Select **Settings > General**. 1. In the **Microsoft Azure integration** section, select the **Enable Microsoft Azure integration for this group** checkbox. @@ -197,7 +198,7 @@ When global group memberships lock is enabled: To enable global group memberships lock: 1. [Configure SAML](../../../integration/saml.md) for your self-managed GitLab instance. -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. On the left sidebar, select **Search or go to**. 1. Select **Admin Area**. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md index 41c2090f4bc..734679cf331 100644 --- a/doc/user/group/saml_sso/index.md +++ b/doc/user/group/saml_sso/index.md @@ -1,5 +1,5 @@ --- -stage: Manage +stage: Govern group: Authentication and Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- @@ -38,7 +38,7 @@ If you are having issues setting up your identity provider, see the To set up SSO with Azure as your identity provider: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > SAML SSO**. 1. Note the information on this page. 1. Go to Azure and [follow the instructions for configuring SSO for an application](https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-setup-sso). The following GitLab settings correspond to the Azure fields. @@ -71,7 +71,7 @@ For more information, see an [example configuration page](example_saml_config.md To set up Google Workspace as your identity provider: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > SAML SSO**. 1. Note the information on this page. 1. Follow the instructions for [setting up SSO with Google as your identity provider](https://support.google.com/a/answer/6087519?hl=en). The following GitLab settings correspond to the Google Workspace fields. @@ -115,7 +115,7 @@ View a demo of [how to configure SAML with Google Workspaces and set up Group Sy To set up SSO with Okta as your identity provider: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > SAML SSO**. 1. Note the information on this page. 1. Follow the instructions for [setting up a SAML application in Okta](https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/). @@ -152,7 +152,7 @@ OneLogin supports its own [GitLab (SaaS) application](https://onelogin.service-n To set up OneLogin as your identity provider: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > SAML SSO**. 1. Note the information on this page. 1. If you use the OneLogin generic @@ -179,7 +179,7 @@ To set up OneLogin as your identity provider: To configure some identity providers, you need a GitLab metadata URL. To find this URL: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > SAML SSO**. 1. Copy the provided **GitLab metadata URL**. 1. Follow your identity provider's documentation and paste the metadata URL when it's requested. @@ -217,7 +217,7 @@ If the **NameID** is configured with the email address, [change the **NameID** f After you set up your identity provider to work with GitLab, you must configure GitLab to use it for authentication: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > SAML SSO**. 1. Complete the fields: - In the **Identity provider single sign-on URL** field, enter the SSO URL from your identity provider. diff --git a/doc/user/group/saml_sso/scim_setup.md b/doc/user/group/saml_sso/scim_setup.md index 9096824cc2c..a9b9bf26444 100644 --- a/doc/user/group/saml_sso/scim_setup.md +++ b/doc/user/group/saml_sso/scim_setup.md @@ -1,5 +1,5 @@ --- -stage: Manage +stage: Govern group: Authentication and Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- @@ -10,12 +10,14 @@ You can use the open standard System for Cross-domain Identity Management (SCIM) - Create users. - Remove users (deactivate SCIM identity). +- Re-add users (reactivate SCIM identity). GitLab SAML SSO SCIM doesn't support updating users. When SCIM is enabled for a GitLab group, membership of that group is synchronized between GitLab and an identity provider. The [internal GitLab group SCIM API](../../../development/internal_api/index.md#group-scim-api) implements part of [the RFC7644 protocol](https://www.rfc-editor.org/rfc/rfc7644). +Identity providers can use the [internal GitLab group SCIM API](../../../development/internal_api/index.md#group-scim-api) to develop a SCIM app. ## Configure GitLab @@ -25,7 +27,7 @@ Prerequisites: To configure GitLab SAML SSO SCIM: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > SAML SSO**. 1. Select **Generate a SCIM token**. 1. For configuration of your identity provider, save the: @@ -40,7 +42,7 @@ You can configure one of the following as an identity provider: - [Okta](#configure-okta). NOTE: -Other providers can work with GitLab but they have not been tested and are not supported. +Other providers can work with GitLab but they have not been tested and are not supported. You should contact the provider for support. GitLab support can assist by reviewing related log entries. ### Configure Azure Active Directory @@ -165,7 +167,8 @@ To configure Okta for SCIM: During the synchronization process, all new users: - Receive GitLab accounts. -- Are welcomed to their groups with an invitation email. You may want to warn your employees to expect this email. +- Are welcomed to their groups with an invitation email. + You can [bypass email confirmation with a verified domain](index.md#bypass-user-email-confirmation-with-verified-domains). The following diagram describes what happens when you add users to your SCIM app: @@ -216,10 +219,11 @@ Remove or deactivate a user on the identity provider to remove their access to: - The top-level group. - All subgroups and projects. -After the identity provider performs a sync based on its configured schedule, the user's membership is revoked and they -lose access. +After the identity provider performs a sync based on its configured schedule, +the user's membership is revoked and they lose access. -When you enable SCIM, this does not automatically remove existing users who do not have a SAML identity. +When you enable SCIM, this does not automatically remove existing users who do +not have a SAML identity. NOTE: Deprovisioning does not delete the GitLab user account. @@ -230,3 +234,14 @@ graph TD B -->|No| C[Nothing to do] B -->|Yes| D[GitLab removes user from GitLab group] ``` + +### Reactivate access + +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/379149) in GitLab 16.0 [with a flag](../../feature_flags.md) named `skip_saml_identity_destroy_during_scim_deprovision`. Disabled by default. +> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121226) in GitLab 16.4. Feature flag `skip_saml_identity_destroy_during_scim_deprovision` removed. + +After a user is removed or deactivated through SCIM, you can reactivate that user by +adding them to the SCIM identity provider. + +After the identity provider performs a sync based on its configured schedule, +the user's SCIM identity is reactivated and their group memberships are restored. diff --git a/doc/user/group/saml_sso/troubleshooting.md b/doc/user/group/saml_sso/troubleshooting.md index 82703893834..cf9b9f5d4eb 100644 --- a/doc/user/group/saml_sso/troubleshooting.md +++ b/doc/user/group/saml_sso/troubleshooting.md @@ -1,6 +1,6 @@ --- type: reference -stage: Manage +stage: Govern group: Authentication and Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- @@ -217,6 +217,18 @@ to [reset their password](https://gitlab.com/users/password/new) if both: - The account was provisioned by SCIM. - They are signing in with username and password for the first time. +### Message: "SAML Name ID and email address do not match your user account" **(PREMIUM SAAS)** + +Users might get an error that states "SAML Name ID and email address do not match your user account. Contact an administrator." +This means: + +- The NameID value sent by SAML does not match the existing SAML identity `extern_uid` value. +- Either the SAML response did not include an email address or the email address did not match the user's GitLab email address. + +The workaround is that a GitLab group Owner uses the [SAML API](../../../api/saml.md) to update the user's SAML `extern_uid`. +The `extern_uid` value must match the Name ID value sent by the SAML identity provider (IdP). Depending on the IdP configuration +this may be a generated unique ID, an email address, or other value. + ## Other user sign in issues ### Verify `NameID` @@ -254,12 +266,24 @@ If all users are receiving a `404` after signing in to the identity provider (Id - In the GitLab configuration by [matching it to the HTTPS endpoint of GitLab](../../../integration/saml.md#configure-saml-support-in-gitlab). - As the `Assertion Consumer Service URL` or equivalent when setting up the SAML app on your IdP. -- Verify if the `404` is related to [the user having too many groups assigned to them in their Azure IdP](group_sync.md#user-that-belongs-to-many-saml-groups-automatically-removed-from-gitlab-group) by checking: +- Verify if the `404` is related to [the user having too many groups assigned to them in their Azure IdP](group_sync.md#user-that-belongs-to-many-saml-groups-automatically-removed-from-gitlab-group). + +If a subset of users are receiving a `404` after signing in to the IdP, first verify audit events if the user gets added to the group and then immediately removed. Alternatively, if the user can successfully sign in, but they do not show as [a member of the top-level group](../index.md#search-a-group): - - If the user has group links configured. - - Audit events if the user gets added to the group and then immediately removed. +- Ensure the user has been [added to the SAML identity provider](index.md#user-access-and-management), and [SCIM](scim_setup.md) if configured. +- Ensure the user's SCIM identity's `active` attribute is `true` using the [SCIM API](../../../api/scim.md). + If the `active` attribute is `false`, you can do one of the following to possibly resolve the issue: -For configuration examples for some of the common providers, see the [example group SAML and SCIM configurations](example_saml_config.md). + - Trigger a sync for the user in the SCIM identity provider. For example, Azure has a "Provision on demand" option. + - Remove and re-add the user in the SCIM identity provider. + - Have the user [unlink their account](index.md#unlink-accounts) if possible, then [link their account](index.md#link-saml-to-your-existing-gitlabcom-account). + - Use the [internal SCIM API](../../../development/internal_api/index.md#update-a-single-scim-provisioned-user) to update the user's SCIM identity using your group's SCIM token. + If you do not know your group's SCIM token, reset the token and update the SCIM identity provider app with the new token. + Example request: + + ```plaintext + curl --request PATCH "https://gitlab.example.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" --header "Authorization: Bearer <SCIM_TOKEN>" --data '{ "Operations": [{"op":"Replace","path":"active","value":"true"}] }' + ``` ### 500 error after login **(FREE SELF)** @@ -283,6 +307,21 @@ Make sure the ACS URL points to `https://gitlab.example.com/users/auth/saml/call If the ACS URL is correct, and you still have errors, review the other Troubleshooting sections. +#### 422 error with non-allowed email + +You might get an 422 error that states "Email is not allowed for sign-up. Please use your regular email address." + +This message might indicate that you must add or remove a domain from your domain allowlist or denylist settings. + +To implement this workaround: + +1. On the left sidebar, select **Search or go to**. +1. Select **Admin Area**. +1. Select **Settings** > **General**. +1. Expand **Sign-up restrictions**. +1. Add or remove a domain as appropriate to **Allowed domains for sign-ups** and **Denied domains for sign-ups**. +1. Select **Save changes**. + ### User is blocked when signing in through SAML **(FREE SELF)** The following are the most likely reasons that a user is blocked when signing in through SAML: @@ -298,18 +337,6 @@ Pay particular attention to the following 403 errors: - `app_not_configured` - `app_not_configured_for_user` -## SAML Name ID and email address do not match your user account **(PREMIUM SAAS)** - -If users encounter the error `SAML Name ID and email address do not match your user account. Contact an administrator.` -this means: - -- The NameID value sent by SAML does not match the existing SAML identity `extern_uid` value. -- Either the SAML response did not include an email address or the email address did not match the user's GitLab email address. - -A GitLab group Owner can use the [SAML API](../../../api/saml.md) to update the user's SAML `extern_uid`. -The `extern_uid` value must match the Name ID value sent by the SAML identity provider (IdP). Depending on the IdP configuration -this may be a generated unique ID, an email address, or other value. - ## Message: "The member's email address is not linked to a SAML account" **(PREMIUM SAAS)** This error appears when you try to invite a user to a GitLab.com group (or subgroup or project within a group) that has [SAML SSO enforcement](index.md#sso-enforcement) enabled. @@ -318,3 +345,6 @@ If you see this message after trying to invite a user to a group: 1. Ensure the user has been [added to the SAML identity provider](index.md#user-access-and-management). 1. Ask the user to [link SAML to their existing GitLab.com account](index.md#link-saml-to-your-existing-gitlabcom-account), if they have one. Otherwise, ask the user to create a GitLab.com account by [accessing GitLab.com through the identity provider's dashboard](index.md#user-access-and-management), or by [signing up manually](https://gitlab.com/users/sign_up) and linking SAML to their new account. +1. Ensure the user is a [member of the top-level group](../index.md#search-a-group). + +Additionally, see [troubleshooting users receiving a 404 after sign in](#users-receive-a-404). diff --git a/doc/user/group/saml_sso/troubleshooting_scim.md b/doc/user/group/saml_sso/troubleshooting_scim.md index 7d2aa8faa99..63d10f3e932 100644 --- a/doc/user/group/saml_sso/troubleshooting_scim.md +++ b/doc/user/group/saml_sso/troubleshooting_scim.md @@ -1,5 +1,5 @@ --- -stage: Manage +stage: Govern group: Authentication and Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- @@ -13,7 +13,18 @@ This section contains possible solutions for problems you might encounter. When you remove a user, they are removed from the group but their account is not deleted (see [remove access](scim_setup.md#remove-access)). -When the user is added back to the SCIM app, GitLab cannot create a new user because the user already exists. +When the user is added back to the SCIM app, GitLab does not create a new user because the user already exists. + +From August 11, 2023, the `skip_saml_identity_destroy_during_scim_deprovision` feature flag is enabled. + +For a user de-provisioned by SCIM from that date, their SAML identity is not removed. + +When that user is added back to the SCIM app: + +- Their SCIM identity `active` attribute is set to `true`. +- They can sign in using SSO. + +For users de-provisioned by SCIM before that date, their SAML identity is destroyed. To solve this problem: diff --git a/doc/user/group/settings/group_access_tokens.md b/doc/user/group/settings/group_access_tokens.md index 76aa77d026b..795967e9f91 100644 --- a/doc/user/group/settings/group_access_tokens.md +++ b/doc/user/group/settings/group_access_tokens.md @@ -1,11 +1,11 @@ --- -stage: Manage +stage: Govern group: Authentication and Authorization info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments" type: reference, howto --- -# Group access tokens +# Group access tokens **(FREE)** With group access tokens, you can use a single token to: @@ -57,7 +57,7 @@ all projects that have visibility level set to [Internal](../../public_access.md To create a group access token: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > Access Tokens**. 1. Enter a name. The token name is visible to any user with permissions to view the group. 1. Enter an expiry date for the token: @@ -119,7 +119,7 @@ or API. However, administrators can use a workaround: To revoke a group access token: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > Access Tokens**. 1. Next to the group access token to revoke, select **Revoke**. @@ -138,6 +138,8 @@ token.revoke! ## Scopes for a group access token +> `k8s_proxy` [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/422408) in GitLab 16.4 [with a flag](../../../administration/feature_flags.md) named `k8s_proxy_pat`. Enabled by default. + The scope determines the actions you can perform when you authenticate with a group access token. | Scope | Description | @@ -149,12 +151,14 @@ The scope determines the actions you can perform when you authenticate with a gr | `read_repository` | Grants read access (pull) to all repositories within a group. | | `write_repository` | Grants read and write access (pull and push) to all repositories within a group. | | `create_runner` | Grants permission to create runners in a group. | +| `ai_features` | Grants permission to perform API actions for GitLab Duo. | +| `k8s_proxy` | Grants permission to perform Kubernetes API calls using the agent for Kubernetes in a group. | ## Enable or disable group access token creation To enable or disable group access token creation for all subgroups in a top-level group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand **Permissions and group features**. 1. Under **Permissions**, turn on or off **Users can create project access tokens and group access tokens in this group**. diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index 4fb8b293334..e9064ff72a6 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -56,7 +56,7 @@ the private subgroup. To view the subgroups of a group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select the **Subgroups and projects** tab. 1. To view a nested subgroup, expand a subgroup in the hierarchy list. @@ -77,14 +77,14 @@ Prerequisites: - At least the Maintainer role for a group to create subgroups for it. - The [role determined by a setting](#change-who-can-create-subgroups). These users can create subgroups even if group creation is - [disabled by an Administrator](../../../administration/admin_area.md#prevent-a-user-from-creating-groups) in the user's settings. + [disabled by an Administrator](../../../administration/admin_area.md#prevent-a-user-from-creating-top-level-groups) in the user's settings. NOTE: You cannot host a GitLab Pages subgroup website with a top-level domain name. For example, `subgroupname.example.io`. To create a subgroup: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find a parent group for the subgroup. +1. On the left sidebar, select **Search or go to** and find a parent group for the subgroup. 1. On the parent group's overview page, in the upper-right corner, select **New subgroup**. 1. Select **Create group**. 1. Fill in the fields. View a list of [reserved names](../../reserved_names.md) that cannot be used as group names. @@ -99,13 +99,13 @@ Prerequisite: To change who can create subgroups on a group: - As a user with the Owner role on the group: - 1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. + 1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Settings > General**. 1. Expand **Permissions and group features**. 1. Select a role from **Roles allowed to create subgroups**. 1. Select **Save changes**. - As an administrator: - 1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). + 1. On the left sidebar, select **Search or go to**. 1. Select **Admin Area**. 1. On the left sidebar, select **Overview > Groups**. 1. In the group's row select **Edit**. @@ -161,7 +161,7 @@ Group permissions for a member can be changed only by: To see if a member has inherited the permissions from a parent group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Manage > Members**. Members list for an example subgroup _Four_: diff --git a/doc/user/group/value_stream_analytics/index.md b/doc/user/group/value_stream_analytics/index.md index 1e042ab1924..0d91416dfa5 100644 --- a/doc/user/group/value_stream_analytics/index.md +++ b/doc/user/group/value_stream_analytics/index.md @@ -212,7 +212,7 @@ Prerequisites: To view value stream analytics for your group or project: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project or group. +1. On the left sidebar, select **Search or go to** and find your project or group. 1. Select **Analyze > Value stream analytics**. 1. To view metrics for a particular stage, select a stage below the **Filter results** text box. 1. Optional. Filter the results: @@ -302,7 +302,7 @@ Prerequisite: To view lifecycle metrics: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project or group. +1. On the left sidebar, select **Search or go to** and find your project or group. 1. Select **Analyze > Value stream analytics**. Lifecycle metrics display below the **Filter results** text box. 1. Optional. Filter the results: @@ -316,7 +316,7 @@ To view lifecycle metrics: To view the [Value Streams Dashboard](../../analytics/value_streams_dashboard.md) and [DORA metrics](../../analytics/dora_metrics.md): -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project or group. +1. On the left sidebar, select **Search or go to** and find your project or group. 1. Select **Analyze > Value stream analytics**. 1. Below the **Filter results** text box, in the **Lifecycle metrics** row, select **Value Streams Dashboard / DORA**. 1. Optional. To open the new page, append this path `/analytics/dashboards/value_streams_dashboard` to the group URL @@ -331,7 +331,7 @@ Value stream analytics shows the median time spent by issues or merge requests i To view the median time spent in each stage by a group: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project or group. +1. On the left sidebar, select **Search or go to** and find your project or group. 1. Select **Analyze > Value stream analytics**. 1. Optional. Filter the results: 1. Select the **Filter results** text box. @@ -355,7 +355,7 @@ group and time frame. To view tasks by type: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. On the left sidebar, select **Search or go to** and find your group. 1. Select **Analyze > Value stream analytics**. 1. Below the **Filter results** text box, select **Overview**. The **Tasks by type** chart displays below the **Total time** chart. 1. To switch between the task type, select the **Settings** (**{settings}**) dropdown list @@ -372,7 +372,7 @@ To view tasks by type: When you create a value stream, you can use GitLab default stages and hide or re-order them. You can also create custom stages in addition to those provided in the default template. -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project or group. +1. On the left sidebar, select **Search or go to** and find your project or group. 1. Select **Analyze > Value Stream analytics**. 1. Select **Create new Value Stream**. 1. Enter a name for the value stream. @@ -396,7 +396,7 @@ If you have recently upgraded to GitLab Premium, it can take up to 30 minutes fo When you create a value stream, you can create and add custom stages that align with your own development workflows. -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project or group. +1. On the left sidebar, select **Search or go to** and find your project or group. 1. Select **Analyze > Value Stream analytics**. 1. Select **Create value stream**. 1. For each stage: @@ -430,7 +430,7 @@ The first value stream uses standard timestamp-based events for defining the sta After you create a value stream, you can customize it to suit your purposes. To edit a value stream: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project or group. +1. On the left sidebar, select **Search or go to** and find your project or group. 1. Select **Analyze > Value Stream analytics**. 1. In the upper-right corner, select the dropdown list, then select a value stream. 1. Next to the value stream dropdown list, select **Edit**. @@ -449,7 +449,7 @@ After you create a value stream, you can customize it to suit your purposes. To To delete a custom value stream: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project or group. +1. On the left sidebar, select **Search or go to** and find your project or group. 1. In the upper-right corner, select the dropdown list, then select the value stream you would like to delete. 1. Select **Delete (name of value stream)**. 1. To confirm, select **Delete**. @@ -464,7 +464,7 @@ To delete a custom value stream: The **Total time chart** shows the average number of days it takes for development cycles to complete. The chart shows data for the last 500 workflow items. -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project or group. +1. On the left sidebar, select **Search or go to** and find your project or group. 1. Select **Analyze > Value stream analytics**. 1. Above the **Filter results** box, select a stage: - To view a summary of the cycle time for all stages, select **Overview**. |
