Enable two_factor_enabled API field for group owners

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Release notes

Problem to solve

Group owners on GitLab.com want to confirm 2FA usage of group members.

The current situation is confusing, possible a result #352210 (closed) :

• Our permissions say that group owners can do so, but only admins can get the info through the API. Owners can view the 2FA badge on https://gitlab.com/groups/…path…/-/group_members pages.
• For provisioned users OTOH, the API field two_factor_enabled is available to owners.

Alternatively, the https://gitlab.com/groups/…path…/-/edit pages have a Two-factor authentication option, that can be enforced for all, which may make checking the status unnecessary.

Proposal

Include two_factor_enabled in GET /groups/:id/members responses for owners of that group, like GET /users/:id already does for instance admins.

Intended users

• Cameron (Compliance Manager)
• Delaney (Development Team Lead)
• Ingrid (Infrastructure Operator)

Feature Usage Metrics

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.