From 5e9321fdb7f4f56c631e16e2a2636dcadf1a587c Mon Sep 17 00:00:00 2001
From: Michael Gibson <mgibson@gitlab.com>
Date: Wed, 24 Aug 2022 23:43:50 +0000
Subject: [PATCH] Document Azure AD 150 SAML Group Limitation

---
 doc/user/group/saml_sso/group_sync.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/doc/user/group/saml_sso/group_sync.md b/doc/user/group/saml_sso/group_sync.md
index 8bc316f9396c0..20dcd6eab270a 100644
--- a/doc/user/group/saml_sso/group_sync.md
+++ b/doc/user/group/saml_sso/group_sync.md
@@ -167,3 +167,18 @@ graph TB
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/290367) in GitLab 15.3.
 
 You can use the GitLab API to [list, add, and delete](../../../api/groups.md#saml-group-links) SAML group links.
+
+## Troubleshooting
+
+This section contains possible solutions for problems you might encounter.
+
+### User that belongs to many SAML groups automatically removed from GitLab group
+
+When using Azure AD as the SAML identity provider, users that belong to many SAML groups can be automatically removed from your GitLab group. Users are removed from GitLab
+groups if the group claim is missing from the user's SAML assertion.
+
+Because of a [known issue with Azure AD](https://support.esri.com/en/technical-article/000022190), if a user belongs to more than 150 SAML groups, the group claim is not sent
+in the user's SAML assertion.
+
+To work around this issue, allow more than 150 group IDs to be sent in SAML token using configuration steps in the
+[Azure AD documentation](https://support.esri.com/en/technical-article/000022190).  
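Review bot: In the last added paragraph, the link text "Azure AD documentation" points to support.esri.com, the same Esri technical article the preceding paragraph already cites as the "known issue", so the label misdescribes the target and the workaround depends entirely on a third-party page. Either relabel the link to say what it is or link to Microsoft's own documentation for the group claim configuration, and summarise the steps inline so the workaround survives if the article moves. In the same paragraph, "sent in SAML token" is missing an article ("in the SAML token"), and the final line ends with two trailing spaces, which Markdown renders as a hard line break. Because the failure described here silently removes users from GitLab groups, consider adding a sentence on how an administrator can confirm the cause, for example by checking whether the group claim is present in the user's SAML response.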
-- 
GitLab