►
From YouTube: Auth team sync to discuss SCIM and unified tokens.
Description
Adil and Daniel meet to discuss adding SCIM tokens to the Admin area in GitLab self managed installations, and work relating to unifying tokens. See related issue: https://gitlab.com/gitlab-org/gitlab/-/issues/376138
A
B
B
So
I
want
to
make
sure
that
we're
talking
about
this
from
the
bigger
perspective
of
the
unified
token,
but
specifically
from
this
issue,
is
one
that
I
linked
is
seems
like
a
small
issue,
so
I'll
link
it
just
for
our
recording
or
I'll
share
the
screen.
Real,
quick,
so
The,
Proposal
of
bringing
the
UI
to
the
admin
screen
does
not
seem
unreasonable
or
uncomplicated.
B
But
I
don't
have
a
way
to
test
this
and
I've
been
trying
to
get
this
set
up
on
my
local
environment.
For
a
long
time,
Cynthia
had
suggested
that
Hannah
request
for
a
our
own
sort
of
test
environment
for
these
sorts
of
things
like
any
sort
of
any
sort
of
feature
that
needs
an
external
resource
to
enable
or
to
activate
so
such
as
saml
or
anything
else
like
that,
connecting
Azure
to
our
services
for
authentication
purposes
or
whatnot.
B
So
I
don't
know
if
you
have
a
any
insight
on
that
or
any
way
you
could
do
that
for
the
team.
But
for
me
specifically
in
order
to
kind
of
work
on
some
of
this
stuff,
I've
been
having
problems
because
I
don't
have
access
to
that
and
I
haven't
been
able
to
successfully
get
those
systems
up
and
running,
and
that
extends
to
the
Token,
the
unified
token
and
some
of
the
other
things
that
we've
been
talking
about.
B
A
So
more
broadly-
and
this
has
been
on
my
radar
I
just
haven't-
had
a
chance
to
push
it
through.
I
started
collecting
a
list
from
the
team
on
all
the
Integrations
that
we
typically
don't
have
on
staging,
for
example,
that
doesn't
allow
us
to
test
features
or,
for
example,
in
this
case
design
correctly,
and
then
some
of
them
might
be
easier
to
do
than
harder
to
do.
But
at
least
let's
start
with
the
list,
and
we
can
start
chasing
down.
A
A
A
Integrations
all
right
I
will
flip
this
to
you
right
after
our
conversation
or
seim,
so
I
I
don't
know
if
I
am
familiar
with
where
to
go,
to
enable
that.
But
my
thought
from
a
unified
token
perspective
was
that
at
least
for
an
MVC
we'd
allow
it
as
basically
just
a
form
like
RT
proposed
and
then
when
we
come
back
to
unified
tokens,
we
will
come
and
reconsolidate
these
into
like
a
generation,
okay
check
which
type
of
token
you
want
hit
generate,
and
then
you
get
the
same
token.
B
You
know
sensibly
that
it's
just,
let's
just
bring
the
feature
into
the
admin
screen
at
the
top
group
or
whichever
access
point
it
needs
to
be
given
for
users
that
doesn't
seem
unreasonable
beyond
that.
That's
kind
of
where
I
was
thinking
these
brother
other
broader
issues.
We
can
start
thinking
about
how
we
want
to
solve
them
with
standing
up
this
staging
server
with
these
additional
features
and
whatnot
in
the
future.
B
What,
but,
right
now
I
didn't
have
any
sort
of
restriction
or
limitation
apart
from
not
being
able
to
see
or
create
this
screen.
This
interaction
flow
that
that
Cynthia
has
created
for
us,
or
at
least
in
terms
of
presenting
the
visuals
for
it,
and
so
in
order
for
me
to
feel
confident
that
I'm
creating
the
best
integration
or
the
best
location
for
it
to
exist.
A
A
B
From
the
previous
issue,
I,
don't
know
if
you've
seen
them
or
not,
but
where
the
idea
was
to
aggregate
the
the
token
creation
across
all
of
our
tokens.
So
what
does
it
look
like
for
each
process
for
each
token
and
then
find
the
I
guess
the
unified
features
or
flow
for
that,
but,
roughly
speaking,
what
it
comes
down
to
basically
is
give
the
token
a
title
Define
the
token
type,
to
find
the
token
parameters
and
then
create
so
that
part
of
the
flow
should
be
rather
quote
unquote
easily
enough
to
execute.
B
But
it's
those
token
type
and
token
parameters
screen
that
I'm
concerned
about,
because
I
don't
know,
if
there's
any
sort
of
weird
contradictory
behaviors
in
implementing
that
in
the
front
end
or
connecting
that
to
the
back
end
on
how
that
throws
that
data
into
the
system-
I'm,
not
assuming
so,
but
that's
something.
We
don't
really
have
a
process
set
up
for,
because
we
have
different
sorts
of
screens
for
different
tokens
right.
It's
not
a
unified
process
for
the
time
being.
B
A
Yeah-
and
that
was
my
third
part-
is
like
I-
think
the
the
things
we
need
to
identify
there
are
basically
in
from
a
hierarchical
manner.
Where
do
you
create
those
tokens
who's
allowed
to
and
when
we
say
Unified
tokens,
do
they
still
stay
at
the
same
place
or
how
do
we
limit
access
to
people
who
can
get
there
because,
for
example,
project
or
construct
everyone
can
almost
everyone
can
create
them.
A
B
Right
right,
so
that
was
another
question.
Maybe
that
I
think
at
least
in
terms
of
the
way
that
it
should
work
for
I,
guess
a
project
token
or
access
token,
in
contrast
to
a
user
access
token
for
personal
stuff,
that's
where
I
think
there's
going
to
be
presentation
or
differences
or
inconsistencies
where,
from
a
user
perspective,
I
just
need
an
access
token
to
get
into
my
project
and
do
some
work
and
stuff,
but
from
an
admin
perspective.
B
I
need
a
bot
to
go,
have
access
to
this
particular
resource
and
do
whatever
process
it
does
as
a
bot
and
that
I
think
will
have
different
locations.
So
I'm
curious
if
we
can
just
use
the
same
flow
or
the
same
system
for
different
use
cases
and
different
access
areas.
So
as
an
individual
user,
I
still
have
access
to
the
unified
token
creation
screen.
But
the
options
I
presented
with
are
limited
from
an
admin
perspective.
B
I'm
going
to
have
be
presented,
the
same
token
creation
screen,
but
in
a
different
admin
screen
and
then
Define
the
token
I
I
want
based
off
of
the
the
need
that
I
have
and
the
particular
location
that
I
have
so
that's
another
parameter.
What
the
location
is
that
it's
being
done.
So,
if
that's
a
logical
process,
I
need
to
validate
first.
B
A
Okay
and
and
I
I'm
on
board
doing
that,
because
we
and
we
we
kind
of
know
that
works
at
least
on
some
level,
but
I'm
also
open
to
saying
Hey.
What
if
we
didn't
have
all
of
these
flows
right
like
the
fact
that
people
have
to
ask
six
questions
a
day
on
how
tokens
work
probably
means
we
can.
We
can
start
fresh
here,
but
that's
more
design
decision
than
implementation
Okay
so
equals
just
so
that
we
we
make
sure
you're
unblocked.
A
B
Yeah,
so
that's
my
my
first
assumption
was
based
off
of
what
Cynthia
had
linked
us
is
that
we
already
have
that
process.
It
just
simply
doesn't
exist
in
the
admin
area,
and
the
visuals
required
would
just
be
the
same.
That
already
exist
in
the
SAS
environment,
bringing
them
over
to
the
admin
area
and
that
I'm
gonna
say
it's
gonna
just
be
at
the
top
group
level.
A
Okay
cool,
so
let's,
let's
do
that
so
I'll
show
you
I'll
share
with
you
the
list
of
things
we
need
and
then
we
can
start
aggressively
actioning
them.
It
just
fell
down
on
the
list
of
to-do's
three
I'll
reach
out
to
one
of
the
senior
Engineers,
because
I
think
we
it'll
help
to
do
the
same
thing.
We
did
with
custom
rules
where
having
someone
drive
this
with
you
at
least
on
a
design
phase.
B
A
Cool
all
right,
I
think
that
should
work.
Do
we
want
to
set
like
a
rough
timeline
or
checkpoints
just
so
that
it
we
keep
making
progress
on
this
one
I'll
chat
with
Emery
today,
and
then
we
can
feel
free
to
Loop
in
Hannah
on.
When
do
we
want
to
schedule
the
spikes
for
unified
tokens
and
through
that
work,
I?
Think
part
of
that
would
be
okay,
make
sure
again
it
is
set
up
with
accessing
all
the
token
types
we
have
today.
B
This
is
writing
that
down
on
my
agendas,
I,
don't
forget
yeah.
So
in
terms
of
a
timeline
like
I
said
the
skim
token
we're
talking
about
that
one
I,
don't
think
it's
problematic
I
think
I
can
get
that
one
done
in
a
milestone
based
off
of
the
issue.
We
linked
the
further
work
I
think
that's
going
to
come
into
roadmap
planning
that
Hannah
and
I
have
scheduled.
B
I
think
she
might
have
invited
you
to
that.
If
not
I'll
talk
with
her
about
getting
you
involved
with
that,
just
in
terms
of
the
planning
for
the
whole
long
term
and
I
think
we
can
put
unified
token
in
there
somewhere
with
the
rest
of
the
work
against.
You
know
the
rbac
stuff,
that's
being
kind
of
prioritized
right
now,
I
think.