We’ve had several requests from GitLab Mattermost community for different ways to restrict the create of teams. We wanted to share our thinking and open a discussion on the design of the features and priorities. Features fall into a few categories:
1. Restriction creation of new teams
###a. Requiring GitLab SSO for creation of new teams
Over time in the new Admin Console under “Single Sign-On” there would be options to offer email, GitLab, LDAP, and other authentication options.
Disabling email authentication would change the team creation screen on the root directory to appear with only the SSO option(s) selected, such as this GitLab auth screen:
We’re going to aim for requiring GitLab SSO for creating new teams in for v0.7.0, which will go to RC1 end of this week, and release Sept 4.
###b. Add option to disable creation of teams
We’re aiming for a config setting for v0.7.0, and we’ll aim to move it to the database and then add to the Admin Console next milestone.
###c. Invite users to create a new team by email
This option would be available in the Admin Console to the IT Admin.
If we offered this, should we have a timeout, and if so, how long should the time out period be?
Not scheduled, awaiting feature request.
###d. Enable creation of a new team via generated link.
This option would be available in the Admin Console to the IT Admin.
If we offered this, should we have a timeout, and if so, how long should the time out period be?
Not scheduled, awaiting feature request.
###e. Restrict creation of new teams to emails from specific domain.
Excellent suggestion from Stan Hu, ticket filed on this in our new issue tracking system.