Enabling `All users in this group must set up two-factor authentication` on a subgroup should only apply to direct members in that subgroup

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Proposal

GitLab allows the enforcement of 2FA on subgroup levels.

Enabling this on a sub-group forces all user who are members at any parent group to enable 2FA on their accounts even if they do not attempt to access the subgroup.

This feature proposal suggests to only enforce 2FA on direct members of that subgroup.

Edited Aug 28, 2025 by 🤖 GitLab Bot 🤖

Enabling All users in this group must set up two-factor authentication on a subgroup should only apply to direct members in that subgroup

Proposal

Enabling `All users in this group must set up two-factor authentication` on a subgroup should only apply to direct members in that subgroup