Move assertions to SAML page

b3bd251c · Cynthia Ng · David O'Regan · c832ff83 · b3bd251c · b3bd251c
Commit b3bd251c authored 4 years ago by Cynthia Ng Committed by David O'Regan 4 years ago
--- a/doc/user/group/saml_sso/group_managed_accounts.md
+++ b/doc/user/group/saml_sso/group_managed_accounts.md
@@ -37,17 +37,7 @@ Since use of the group-managed account requires the use of SSO, users of group-m
 - The user is unable to access the group (their credentials no longer work on the identity provider when prompted to use SSO).
 - Contributions in the group (for example, issues and merge requests) remains intact.
  
-## Assertions
-
-When using group-managed accounts, the following user details need to be passed to GitLab as SAML
-assertions to be able to create a user.
-
-| Field           | Supported keys |
-|-----------------|----------------|
-| Email (required)| `email`, `mail` |
-| Full Name       | `name` |
-| First Name      | `first_name`, `firstname`, `firstName` |
-| Last Name       | `last_name`, `lastname`, `lastName` |
+Please refer to our [SAML SSO for Groups page](../index.md) for information on how to configure SAML.
  
 ## Feature flag **(PREMIUM SELF)**
  

--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -25,7 +25,7 @@ SAML SSO is only configurable at the top-level group.
 1. Navigate to the group and select **Settings > SAML SSO**.
 1. Configure your SAML server using the **Assertion consumer service URL**, **Identifier**, and **GitLab single sign-on URL**. Alternatively GitLab provides [metadata XML configuration](#metadata-configuration). See [specific identity provider documentation](#providers) for more details.
 1. Configure the SAML response to include a NameID that uniquely identifies each user.
-1. Configure [required assertions](group_managed_accounts.md#assertions) if using [Group Managed Accounts](group_managed_accounts.md).
+1. Configure [required assertions](#assertions) if using [Group Managed Accounts](group_managed_accounts.md), or expecting new user accounts to be created.
 1. While the default is enabled for most SAML providers, please ensure the app is set to have [Service Provider](#glossary) initiated calls in order to link existing GitLab accounts.
 1. Once the identity provider is set up, move on to [configuring GitLab](#configuring-gitlab).
  
@@ -53,6 +53,19 @@ Once users have signed into GitLab using the SSO SAML setup, changing the `NameI
  
 We recommend setting the NameID format to `Persistent` unless using a field (such as email) that requires a different format.
  
+### Assertions
+
+For users to be created with the right information with the improved [user access and management](#user-access-and-management),
+the following user details need to be passed to GitLab as SAML assertions.
+
+| Field           | Supported keys |
+|-----------------|----------------|
+| Email (required)| `email`, `mail` |
+| Username        | `username`, `nickname` |
+| Full Name       | `name` |
+| First Name      | `first_name`, `firstname`, `firstName` |
+| Last Name       | `last_name`, `lastname`, `lastName` |
+
 ### Metadata configuration
  
 GitLab provides metadata XML that can be used to configure your Identity Provider.

--- a/ee/app/views/groups/saml_providers/_info.html.haml
+++ b/ee/app/views/groups/saml_providers/_info.html.haml
@@ -8,7 +8,7 @@
      %li
        = _("During this process, you’ll be asked for URLs from GitLab’s side. Use the URLs shown below.")
      %li
-        = (_("Set up assertions/attributes/claims (email, first_name, last_name) and NameID according to %{docsLinkStart}the documentation %{icon}%{docsLinkEnd}") % { icon: sprite_icon('external-link'), docsLinkStart: "<a href='#{help_page_path('user/group/saml_sso/group_managed_accounts', anchor: 'assertions')}' target='_blank'>", docsLinkEnd: '</a>' }).html_safe
+        = (_("Set up assertions/attributes/claims (email, first_name, last_name) and NameID according to %{docsLinkStart}the documentation %{icon}%{docsLinkEnd}") % { icon: sprite_icon('external-link'), docsLinkStart: "<a href='#{help_page_path('user/group/saml_sso/index.md', anchor: 'assertions')}' target='_blank'>", docsLinkEnd: '</a>' }).html_safe
      %li
        = html_escape(_("Fill in the fields below, turn on %{strong_open}Enable SAML authentication for this group%{strong_close}, and press %{strong_open}Save changes%{strong_close}")) % { strong_open: '<strong>'.html_safe, strong_close: '</strong>'.html_safe }
      %li