Skip to content

Automatically delete unverified unconfirmed users after number of days

Proposal

Allow an admin to turn on automatic removal of unconfirmed/unverified users after a specified number of days.

Rationale

Especially on GitLab.com, we have a lot of accounts with non-existent emails (typos, misconfigured SCIM/SAML) which are never verified/confirmed.

As a result, we get a lot of Support requests. See #29279 (closed) for a long list.

Implementation

  • Allow some way to turn it on/off (gitlab.rb, admin UI, or API). Preferably Admin/API.
  • Need to choose default, suggest 7 days.
  • Number of days should be configurable.
  • consider throwing an error if < 3 days when soft confirmation is on.
  • Add wording that it will auto delete if not confirmed within the set number of days (ideally, all of) the following:
    • post-registration "Almost there..." page
    • confirmation email
    • Documentation
  • Some technical details in #352514 (comment 1054143903)

Workaround

  • For Self-managed, admins can delete the accounts through any number of methods.
  • For SaaS, GitLab Support will delete the account manually if it's the cause of another issue.
Edited by Cynthia "Arty" Ng