Add ability to add secondary email address to Service Account on GitLab.com

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Proposal

Presently it is not possible to update the primary address of service accounts as is being discussed on the issue Allow customizable email address for service accounts.

This proposal means to suggest to instead add a secondary email address, set it as default for notifications, change public and commit email addresses to work around to the Allow customizable email address for service accounts issue.

Some customers have expressed a need for a secondary email address for service accounts to address the following challenges:

1. Using the service account to make commits to repositories as the service user for internal processes. This can only be done if the email address being used is one of the verified email addresses on the account.
2. Using the email address as the default for notifications messages where a team will monitor the inbox and act on it accordingly.

There are two approaches in which adding a secondary email address can be accomplished:

1. Allow the service account to add the secondary email using a Personal Token to do so. This can presently be done however there is a problem where the secondary email once added is not verified. This would not be an issue if a verification email is sent however this is not the case. No verification email is sent which prevent this approach from working presently.
2. Allow Group Owners in the service account to add the secondary email and skip verification. Currently this is only allowed for Administrators of the GitLab instance so not feasible for GitLab.com customers.

In terms of trying to address the need to update the commit email and public email addresses to mach company email addresses this can only be configured by the user via the UI. Since service accounts cannot sign in and these fields are not exposed via the User API (other than by instance administrators via the API) this is not currently possible.