Scope user sign in routes to organization (!208377) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Adds Devise routes within the Organizations scope. This will enable further work to update controllers to support Organizations on user endpoints such as authentication, password management, and user confirmations.

Nothing changes for production end-users - they all belong to the default organization which remains unscoped. The change would occur for any users that belong to a non-default org (none in production) and for which we'll keep interating to support organization-specific sign-in.

References

Scope sign-in routes to Organization (#572833)

Screenshots or screen recordings

Before	After

How to set up and validate locally

Restart your GDK after pulling the branch.
Ensure your have at least one non-default organization created. If you don't see "New organization" in the + menu, enable the feature flag :ui_for_organizations.
```
Feature.enable(:ui_for_organizations)
Feature.enable(:organization_scoped_paths)
```
Sign-out and manually visit the new routes: /o/<your_org_path>/users/sign_in. Sign-in works but is routed to /users/sign_in still. Nothing will use these routes yet so we can fully test each feature as controllers are updated.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Oct 22, 2025 by Drew Blessing

Scope user sign in routes to organization

What does this MR do and why?

References

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports