The Ultimate Guide to Enabling SAML and SSO on GitLab.com

• SAML and SSO provide an extra layer of security and management efficiency for identity management teams.
• SSO can be enabled in the settings available at the namespace or top level group.
• Enforcing SSO-only authentication for web activity ensures that all members access groups and projects using the configured SSO login.
• Enterprise users in GitLab are created either through a SAML SSO login or SCIM provisioning.
• SCIM automation helps with user deprovisioning from the IdP.
• Default membership should be set to "Minimal Access" to limit access permissions.
• Group memberships in the IdP can be used to grant access to projects and groups automatically.
• SAML Group Links should be used to map IdP groups to roles in GitLab.
• Least privilege is the principle behind granting access to projects.