Docs: basic docs for SAML SSO #11288
Aren't we creating a team automatically when SAML is enabled on an organization in a similar way as we are doing with Google SSO? If not, we should probably do the same and enable auto-join on that team. I think it's a good idea to keep consistency between these two SSO providers.
A team is automatically created.
Is there any way to enforce this in the next login after enabling SAML for the organization?
Similar to Google, we would need to find a way for users to link their existing account to the provider, but since we don't allow them to sign in, they will be locked out of their account. We could experiment at least with some manual redirect to guide users to connect their accounts.
I remember we talked about this a few times, but I'm not sure if we have an issue to track this. I think it's important to find a way of logging out the users if their access is revoked. Do we have an issue for this so that we can prioritize its research?
What we did last time was to decrease the session time, but it's impossible to know if a user's access was revoked from the provider (unless we have a webhook of some kind). The other feature we are discussing is having a button to remove the user from all teams with a single click: https://github.com/readthedocs/readthedocs-corporate/issues/1476.