Merge branch 'eduardosanz/omniauth-option-doc' into 'master'

Bring OmniAuth documentation from Charts

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/169171



Merged-by: Jon Glassman <jglassman@gitlab.com>
Approved-by: Bogdan Denkovych <bdenkovych@gitlab.com>
Reviewed-by: Bogdan Denkovych <bdenkovych@gitlab.com>
Reviewed-by: Eduardo Sanz García <esanz-garcia@gitlab.com>
Co-authored-by: Eduardo Sanz García <esanz-garcia@gitlab.com>

doc/integration/omniauth.md

@@ -43,12 +43,20 @@ GitLab supports the following OmniAuth providers.
 Before you configure the OmniAuth provider,
 configure the settings that are common for all providers.
-| Linux package, Docker, and self-compiled | Helm chart | Description | Default value |
-| ----------------------------|------------|-------------|-----------|
-| `enabled`                   | `enabled`          | Allows the use of OmniAuth providers. | `false`, which means that signing in using your OmniAuth providers is not allowed, and the OmniAuth provider buttons are not visible in the user interface. |
-| `allow_single_sign_on`     | `allowSingleSignOn` | List of providers that automatically create a GitLab account. The provider names are available in the **OmniAuth provider name** column in the [supported providers table](#supported-providers). | `false`, which means that signing in using your OmniAuth provider account without a pre-existing GitLab account is not allowed. You must create a GitLab account first, and then connect it to your OmniAuth provider account through your profile settings. |
-| `auto_link_ldap_user`      | `autoLinkLdapUser` | Creates an LDAP identity in GitLab for users that are created through an OmniAuth provider. You can enable this setting if you have [LDAP integration](../administration/auth/ldap/index.md) enabled. Requires the `uid` of the user to be the same in both LDAP and the OmniAuth provider. | `false` |
-| `block_auto_created_users` | `blockAutoCreatedUsers` | Places automatically-created users in a [Pending approval](../administration/moderate_users.md#users-pending-approval) state (unable to sign in) until they are approved by an administrator. | `true`. If you set the value to `false`, make sure you define providers that you can control, like SAML or Google. Otherwise, any user on the internet can sign in to GitLab without an administrator's approval. |
+| Option | Description |
+| ------ | ----------- |
+| `allow_bypass_two_factor`    | Allows users to sign in with the specified providers without two-factor authentication (2FA). Can be set to `true`, `false`, or an array of providers. For more information, see [Bypass two-factor authentication](#bypass-two-factor-authentication). |
+| `allow_single_sign_on`       | Enables the automatic creation of accounts when signing in with OmniAuth. Can be set to `true`, `false` or an array of providers. For provider names, see the [supported providers table](#supported-providers). When `false`, signing in using your OmniAuth provider account without a pre-existing GitLab account is not allowed. You must create a GitLab account first, and then connect it to your OmniAuth provider account through your profile settings. |
+| `auto_link_ldap_user`        | Creates an LDAP identity in GitLab for users that are created through an OmniAuth provider. To enable this setting, you must have [LDAP integration](../administration/auth/ldap/index.md) enabled. Requires the `uid` of the user to be the same in both LDAP and the OmniAuth provider. |
+| `auto_link_saml_user`        | Allows users authenticating through a SAML provider to be automatically linked to a current GitLab user if their emails match. To enable this setting, you must have SAML integration enabled. |
+| `auto_link_user`             | Allows users authenticating through an OmniAuth provider to be automatically linked to a current GitLab user if their emails match. Can be set to `true`, `false`, or an array of providers. For provider names, see the [supported providers table](#supported-providers). |
+| `auto_sign_in_with_provider` | Enables users to use a single provider name to automatically sign in. This must match the name of the provider, such as `saml` or `google_oauth2`. |
+| `block_auto_created_users`   | Places automatically-created users in a [pending approval](../administration/moderate_users.md#users-pending-approval) state (unable to sign in) until they are approved by an administrator. When `false`, make sure you define providers that you can control, like SAML or Google. Otherwise, any user on the internet can sign in to GitLab without an administrator's approval. When `true`, auto-created users are blocked by default and must be unblocked by an administrator before they are able to sign in. |
+| `enabled`                    | Enables and disables the use of OmniAuth with GitLab. When `false`, OmniAuth provider buttons are not visible in the user interface. |
+| `external_providers`         | Enables you to define which OmniAuth providers you want to be `external`, so that all users creating accounts, or signing in through these providers are unable to access internal projects. You must use the full name of the provider, like `google_oauth2` for Google. For more information, see [Create an external providers list](#create-an-external-providers-list). |
+| `providers`                  | The provider names are available in the [supported providers table](#supported-providers). |
+| `sync_profile_attributes`    | List of profile attributes to sync from the provider when signing in. For more information, see [Keep OmniAuth user profiles up to date](#keep-omniauth-user-profiles-up-to-date). |
+| `sync_profile_from_provider` | List of provider names that GitLab should automatically sync profile information from. Entries must match the name of the provider, such as `saml` or `google_oauth2`. For more information, see [Keep OmniAuth user profiles up to date](#keep-omniauth-user-profiles-up-to-date). |
 ### Configure initial settings