Skip to content

Users can be exempt from phone verification

Jay requested to merge jswain_identity_verification_exemptions into master

What does this MR do and why?

Users can be exempt from phone verification

part of: https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/332

Changelog: changed EE: true

Screenshots or screen recordings

phone_exemption_720

How to set up and validate locally

The setup to verify this locally is quite the lift, but here's the steps if you'd like:

  1. Enable hard email confirmation
  2. Configure and enable Arkose
  3. Enable Identity Verification
  4. Setup and configure customers app
  5. Setup and configure Zuora
  6. Register a user, but don't complete Identity Verification
  7. Mark the user as medium risk: http://localhost:3000/admin/users/phonelessguy2/edit
  8. Confirm the user is required to perform Phone verification
  9. As an admin, create a phone verification exemption for the user: http://localhost:3000/admin/users/phonelessguy2/edit
  10. Confirm the user can now skip phone verification, and instead complete credit card verification.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Jay

Merge request reports