►
From YouTube: Auth team sync to discuss SCIM and unified tokens.
Description
Adil and Daniel meet to discuss adding SCIM tokens to the Admin area in GitLab self managed installations, and work relating to unifying tokens. See related issue: https://gitlab.com/gitlab-org/gitlab/-/issues/376138
A
B
A
Cool
awesome
all
right,
scim
yeah.
B
So
I
want
to
make
sure
that
we're
talking
about
this
from
the
bigger
perspective
of
the
unified
token,
but
specifically
from
this
issue,
is
one
that
I
linked
is
seems
like
a
small
issue,
so
I'll
link
it
just
for
our
recording
or
I'll
share
the
screen.
Real,
quick,
so
The,
Proposal
of
bringing
the
UI
to
the
admin
screen
does
not
seem
unreasonable
or
uncomplicated.
B
But
I
don't
have
a
way
to
test
this
and
I've
been
trying
to
get
this
set
up
on
my
local
environment.
For
a
long
time,
Cynthia
had
suggested
that
Hannah
request
for
a
our
own
sort
of
test
environment
for
these
sorts
of
things
like
any
sort
of
any
sort
of
feature
that
needs
an
external
resource
to
enable
or
to
activate
so
such
as
saml
or
anything
else
like
that,
connecting
Azure
to
our
services
for
authentication
purposes
or
whatnot.
B
So
I
don't
know
if
you
have
a
any
insight
on
that
or
any
way
you
could
do
that
for
the
team.
But
for
me
specifically
in
order
to
kind
of
work
on
some
of
this
stuff,
I've
been
having
problems
because
I
don't
have
access
to
that
and
I
haven't
been
able
to
successfully
get
those
systems
up
and
running,
and
that
extends
to
the
Token,
the
unified
token
and
some
of
the
other
things
that
we've
been
talking
about.
B
For
you
know,
roadmap
planning,
so
I'm
learning.
If
you
had
some
thoughts
on
that
and
any
idea
on
specifically
this
issue
how
to
proceed
and
then
just
more.
The
broadly
are
kind
of
test
server.
Where
you
can
create.
A
So
more
broadly-
and
this
has
been
on
my
radar
I
just
haven't-
had
a
chance
to
push
it
through.
I
started
collecting
a
list
from
the
team
on
all
the
Integrations
that
we
typically
don't
have
on
staging,
for
example,
that
doesn't
allow
us
to
test
features
or,
for
example,
in
this
case
design
correctly,
and
then
some
of
them
might
be
easier
to
do
than
harder
to
do.
But
at
least
let's
start
with
the
list,
and
we
can
start
chasing
down.
A
A
A
Integrations
all
right
I
will
flip
this
to
you
right
after
our
conversation
or
seim,
so
I
I
don't
know
if
I
am
familiar
with
where
to
go,
to
enable
that.
But
my
thought
from
a
unified
token
perspective
was
that
at
least
for
an
MVC
we'd
allow
it
as
basically
just
a
form
like
RT
proposed
and
then
when
we
come
back
to
unified
tokens,
we
will
come
and
reconsolidate
these
into
like
a
generation,
okay
check
which
type
of
token
you
want
hit
generate,
and
then
you
get
the
same
token.
A
Does
that
work?
Or
do
you
see
issues
with
that.
B
No
that's
kind
of
what
I
was
just
understanding
broadly
from
our
dialogues
throughout
our
issues
and
everything
and
that's
kind
of
why
I
wanted
to
have
the
sync,
because
we
haven't
really
spoken
about
tokens
specifically
in
a
while
and
then
more
so
I
guess
in
terms
of
this
NBC
I
was
just
making
sure
that
I
was
thinking
about
this.
B
You
know
sensibly
that
it's
just,
let's
just
bring
the
feature
into
the
admin
screen
at
the
top
group
or
whichever
access
point
it
needs
to
be
given
for
users
that
doesn't
seem
unreasonable
beyond
that.
That's
kind
of
where
I
was
thinking
these
brother
other
broader
issues.
We
can
start
thinking
about
how
we
want
to
solve
them
with
standing
up
this
staging
server
with
these
additional
features
and
whatnot
in
the
future.
B
What,
but,
right
now
I
didn't
have
any
sort
of
restriction
or
limitation
apart
from
not
being
able
to
see
or
create
this
screen.
This
interaction
flow
that
that
Cynthia
has
created
for
us,
or
at
least
in
terms
of
presenting
the
visuals
for
it,
and
so
in
order
for
me
to
feel
confident
that
I'm
creating
the
best
integration
or
the
best
location
for
it
to
exist.
B
I
want
to
see
what
the
screens
look
like
in
process
from
start
to
finish,
and
that's
kind
of
where
the
the
reason
for
that
the
staging
server
discussion
came
about
I,
don't
think
it'll
hold
up
the
the
this
issue,
because
it's
just
turning
on
the
screen
in
the
in
the
self-managed
environment,
which
I
don't
think
it's
a
problem
from
where
it
exists.
B
Currently
I
think
we
just
have
the
devs
enable
that,
and
that's
at
the
end
of
that,
but
for
my
work
as
I
go
forward
with
other
aspects
of
this
progress
and
or
this
process,
I
want
to
make
sure
that
I'm
doing
the
whole,
you
know
start
to
finish
flow
for
it.
A
That
makes
sense
so
question
like
so
three
parts
to
that
first
I
saw
Cindy,
said
I,
suggested
group
specifically
for
odd
members,
and
we
can
so
can
we
asked
Hannah
if
you
had
a
chance
to
do
that.
If
not,
we
can
chase
that
one
down
and
that's
like
a
action
item
for
today.
A
I
guess
the
second
one
is
tokens
and
the
ability
to
to
see
the
flow
and
consolidate
them
that
epic
I
think
we
need
to
start
pushing
forward
again
we're
just
getting
a
bit
slow
in
terms
of
wrapping
up
custom
rules
and
things
that
have
come
up,
but
service
accounts
and
token
unifications.
A
A
B
From
the
previous
issue,
I,
don't
know
if
you've
seen
them
or
not,
but
where
the
idea
was
to
aggregate
the
the
token
creation
across
all
of
our
tokens.
So
what
does
it
look
like
for
each
process
for
each
token
and
then
find
the
I
guess
the
unified
features
or
flow
for
that,
but,
roughly
speaking,
what
it
comes
down
to
basically
is
give
the
token
a
title
Define
the
token
type,
to
find
the
token
parameters
and
then
create
so
that
part
of
the
flow
should
be
rather
quote
unquote
easily
enough
to
execute.
B
But
it's
those
token
type
and
token
parameters
screen
that
I'm
concerned
about,
because
I
don't
know,
if
there's
any
sort
of
weird
contradictory
behaviors
in
implementing
that
in
the
front
end
or
connecting
that
to
the
back
end
on
how
that
throws
that
data
into
the
system-
I'm,
not
assuming
so,
but
that's
something.
We
don't
really
have
a
process
set
up
for,
because
we
have
different
sorts
of
screens
for
different
tokens
right.
It's
not
a
unified
process
for
the
time
being.
B
A
Yeah-
and
that
was
my
third
part-
is
like
I-
think
the
the
things
we
need
to
identify
there
are
basically
in
from
a
hierarchical
manner.
Where
do
you
create
those
tokens
who's
allowed
to
and
when
we
say
Unified
tokens,
do
they
still
stay
at
the
same
place
or
how
do
we
limit
access
to
people
who
can
get
there
because,
for
example,
project
or
construct
everyone
can
almost
everyone
can
create
them.
A
So
how
does
that
work?
When
do
we
plop
that
on
admin
screen
and
then
can
anyone
get
to
admin
skin
and
see
them?
Then.
B
Right
right,
so
that
was
another
question.
Maybe
that
I
think
at
least
in
terms
of
the
way
that
it
should
work
for
I,
guess
a
project
token
or
access
token,
in
contrast
to
a
user
access
token
for
personal
stuff,
that's
where
I
think
there's
going
to
be
presentation
or
differences
or
inconsistencies
where,
from
a
user
perspective,
I
just
need
an
access
token
to
get
into
my
project
and
do
some
work
and
stuff,
but
from
an
admin
perspective.
B
I
need
a
bot
to
go,
have
access
to
this
particular
resource
and
do
whatever
process
it
does
as
a
bot
and
that
I
think
will
have
different
locations.
So
I'm
curious
if
we
can
just
use
the
same
flow
or
the
same
system
for
different
use
cases
and
different
access
areas.
So
as
an
individual
user,
I
still
have
access
to
the
unified
token
creation
screen.
But
the
options
I
presented
with
are
limited
from
an
admin
perspective.
B
I'm
going
to
have
be
presented,
the
same
token
creation
screen,
but
in
a
different
admin
screen
and
then
Define
the
token
I
I
want
based
off
of
the
the
need
that
I
have
and
the
particular
location
that
I
have
so
that's
another
parameter.
What
the
location
is
that
it's
being
done.
So,
if
that's
a
logical
process,
I
need
to
validate
first.
B
My
initial
assumptions
are
yes,
because
that
still
maintains
the
current
flow
that
users
exist
or
experience
with.
Currently
but
again,
like
I
said:
that's
not
been
validated.
A
Okay
and
and
I
I'm
on
board
doing
that,
because
we
and
we
we
kind
of
know
that
works
at
least
on
some
level,
but
I'm
also
open
to
saying
Hey.
What
if
we
didn't
have
all
of
these
flows
right
like
the
fact
that
people
have
to
ask
six
questions
a
day
on
how
tokens
work
probably
means
we
can.
We
can
start
fresh
here,
but
that's
more
design
decision
than
implementation
Okay
so
equals
just
so
that
we
we
make
sure
you're
unblocked.
A
Would
you
have
enough
information
today
to
propose
a
a
design
for
the
sem
tokens
for
the
work?
That's
in
flight.
B
Yeah,
so
that's
my
my
first
assumption
was
based
off
of
what
Cynthia
had
linked
us
is
that
we
already
have
that
process.
It
just
simply
doesn't
exist
in
the
admin
area,
and
the
visuals
required
would
just
be
the
same.
That
already
exist
in
the
SAS
environment,
bringing
them
over
to
the
admin
area
and
that
I'm
gonna
say
it's
gonna
just
be
at
the
top
group
level.
A
Okay
cool,
so
let's,
let's
do
that
so
I'll
show
you
I'll
share
with
you
the
list
of
things
we
need
and
then
we
can
start
aggressively
actioning
them.
It
just
fell
down
on
the
list
of
to-do's
three
I'll
reach
out
to
one
of
the
senior
Engineers,
because
I
think
we
it'll
help
to
do
the
same
thing.
We
did
with
custom
rules
where
having
someone
drive
this
with
you
at
least
on
a
design
phase.
A
B
Yeah
that
makes
sense
to
me
and
I've
also
added
a
point
to
bring
up
with
Hannah
about
the
the
staging
server
just
to
follow
up
with
that
on
our
101s
I'm.
Seeing
her
today.
A
Cool
all
right,
I
think
that
should
work.
Do
we
want
to
set
like
a
rough
timeline
or
checkpoints
just
so
that
it
we
keep
making
progress
on
this
one
I'll
chat
with
Emery
today,
and
then
we
can
feel
free
to
Loop
in
Hannah
on.
When
do
we
want
to
schedule
the
spikes
for
unified
tokens
and
through
that
work,
I?
Think
part
of
that
would
be
okay,
make
sure
again
it
is
set
up
with
accessing
all
the
token
types
we
have
today.
B
This
is
writing
that
down
on
my
agendas,
I,
don't
forget
yeah.
So
in
terms
of
a
timeline
like
I
said
the
skim
token
we're
talking
about
that
one
I,
don't
think
it's
problematic
I
think
I
can
get
that
one
done
in
a
milestone
based
off
of
the
issue.
We
linked
the
further
work
I
think
that's
going
to
come
into
roadmap
planning
that
Hannah
and
I
have
scheduled.
B
I
think
she
might
have
invited
you
to
that.
If
not
I'll
talk
with
her
about
getting
you
involved
with
that,
just
in
terms
of
the
planning
for
the
whole
long
term
and
I
think
we
can
put
unified
token
in
there
somewhere
with
the
rest
of
the
work
against.
You
know
the
rbac
stuff,
that's
being
kind
of
prioritized
right
now,
I
think.
B
A
No
I
think
that's
it.
The
SCM
work
is
scheduled
for
47.
I
in
my
Infinite
Wisdom
decided
not
to
check
that
it
had
designs
on
it
or
not,
but
we
scheduled
it.
So
if
we
get
them,
then
great,
if
not
we'll
at
least
have
the
API
work
done,
but
fingers
cost.
Maybe
we
squeeze
in
the
UI.
B
B
Oh
cool
thanks
thanks
for
joining
it's
a
good
meeting
and
I
will
speak
with
you,
I
guess
next
time.