Disable user's ability to enable Two-Factor Authentication
Release notes
Problem to solve
Enterprises with strict compliance rules require a Single Source of Truth authentication system. Access credentials are managed in and provisioned through these systems. Thus, users should not have the ability to modify their access credentials, including two-factor authentication.
Intended users
Proposal
- Admins are able to configure in gitlab.rb that users are not allowed to enable two-factor authentication.
- When that is configured, users do not see the Two-Factor Authentication section, including the Enable two-factor authentication button, in their Profile->Settings->Account.
Further details
Permissions and Security
- Only system administrators can change this setting
Documentation
- Document feature setting and functionality in https://docs.gitlab.com/omnibus/settings/configuration.html
Availability & Testing
What does success look like, and how can we measure that?
Admins can disable a user's ability to enable two-factor authentication
What is the type of buyer?
Large, compliance regulated, heavily audited Enterprise. Probably Ultimate tier
Is this a cross-stage feature?
No