Allow group owners to reset 2FA/MFA for Group Managed Accounts

Problem to solve

Resetting two-factor authentication (2FA - sometimes known as multi-factor authentication or MFA) on GitLab.com today involves opening a ticket with GitLab support, and having a validated member of the customer's userbase "vouch" for the identity of the requestor. For our customers with large numbers of users, this can be a fairly common need.

Allowing group owners the ability to reset 2FA for members of the group would speed up this process and remove some of the ticket load from support.

Intended users

• Persona: Sidney (Systems Administrator)
• GitLab.com Group Owners

Proposal

NOTE: Since GMA is not a concept we're investing in at the moment an alternative approach to this issue will be covered here: #225767

When a Group Managed Account is locked-out due to a loss of their second-factor device, a Group Owner should be able to "reset" 2FA and provide the locked-out user with a way to re-pair with their second-factor device.

We could add a Disable button only visible to Group Owners on the members list, which is similar to how we handle it for Self-Managed Administrators:

Permissions and Security

Group Owners should be the role with access to this feature.

What is the type of buyer?

All .com customers that enable Group Managed Accounts (Silver/Gold).