We have a private group in GitLab.com where only the users authenticated by our company’s GSuite SSO can access our private gitlab group. We are simulating the behavior of what would happen when a staff leaves the company.
A test account’s GSuite login was disabled from the GSuite admin panel. Henceforth, that user can no longer access our private gitlab group (or any of our projects inside that group) using his browser any more. However, that user can still fetch/pull/push the repos which he had previously cloned into his laptop - via both HTTPS & SSH.
The general expectation is that, if a user’s GSuite login is disabled, and if that person can no longer access the GitLab projects via browser, then (s)he should not be able to fetch/push/pull the repo from his laptop CLI anymore either. How to ensure this restriction without having to explicitly remove the user from the list of group members?
P.S. we are aware that will resolve the issue, but that is still an extra manual step which we are looking to avoid if there is any automatic way possible.