Investigate SAML/LDAP integration for GitLab.com

Description

Customers on GitLab.com who have LDAP need to be able to integrate their authorisation service.

Proposal

The first deliverable milestone should be to define the scope of this issue and answer the questions below:

1. Groups should be able to configure SAML authentication for a top-level group (not a subgroup)
2. How do we deal with existing accounts who are already added to the group?
3. Can an existing account be linked to an external identity - e.g. if the user already has personal projects?
4. Is the simplest thing possible to enforce new account creation?
5. How does the group page appear to an authorised or unauthenticated user?
6. How does somebody login to GitLab or to the group?
7. How do we retrieve group information so that we can do similar capability to Group Sync (https://gitlab.com/gitlab-org/gitlab-ee/issues/118)

Links / references

• Screenshots of the configuration process taken during the discovery phase: https://drive.google.com/drive/folders/103gAm1qmBlYwG6f-aT9thrNbcPRD1KH5?usp=sharing
• Notes: https://docs.google.com/document/d/13Vjhdl3VNr6wM1QFNAGabBp69DsjCDhX5k6ocfMcoGA/edit
• Slack channel: https://gitlab.slack.com/messages/C8B6WPDH7