Account Ownership Verification PIN

Problem to solve

As a GitLab administrator of a large public instance, I want to verify the authenticity of requests coming from my helpdesk. For example, if a user writes in asking that I take an action on their account, I want a second factor of verification directly within my GitLab instance.

Intended users

Proposal

Further details

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

The MVC would be to have the ability for a user to create a support PIN in the UI and viewable in the /admin/user/user-name area. API is bonus!

What is the type of buyer?

Is this a cross-stage feature?

Yes, the admin area and settings page are not tied to any group.

Links / references

• https://about.gitlab.com/handbook/support/workflows/account_verification.html
• https://gitlab.com/gitlab-com/support/internal-requests/-/wikis/Procedures/GLGL-Report-Authentication (GitLab internal)
• https://gitlab.com/gitlab-com/support/support-team-meta/-/issues/1352 (GitLab internal)