Automatically delete unverified unconfirmed users after number of days
Proposal
Allow an admin to turn on automatic removal of unconfirmed/unverified users after a specified number of days.
Rationale
Especially on GitLab.com, we have a lot of accounts with non-existent emails (typos, misconfigured SCIM/SAML) which are never verified/confirmed.
As a result, we get a lot of Support requests. See #29279 (closed) for a long list.
Implementation
- Allow some way to turn it on/off (
gitlab.rb
, admin UI, or API). Preferably Admin/API. - Set to 7 days by default (allow the number of days to be configurable if it does not increase the weight of the issue)
- Add wording that it will auto delete if not confirmed in (ideally, all of) the following:
- post-registration "Almost there..." page
- confirmation email
Workaround
- For Self-managed, admins can delete the accounts through any number of methods.
- For SaaS, GitLab Support will delete the account manually if it's the cause of another issue.