Add option to enforce two factor authentication on administrator users (!137911) · Merge requests · GitLab.org / GitLab

Félix Veillette-Potvin requested to merge fvpotvin-add-enforce-admin-2fa-setting into master Nov 24, 2023

What does this MR do and why?

This MR Adds a setting that allows to enforce two-factor authentication on administator users. Issue link: Enforce 2FA for GitLab administrators (#427549 - closed)

Screenshots or screen recordings

EnforceAdmin2FAVideo

Before	After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

2FA enforcement

Connect to the instance
Go to the admin area
Under "Sign-in restrictions", find the checkbox "Require administrators to enable 2FA"
Click the checkbox
Connect as any administrator user without 2FA, and notice that you are asked to add a two factor authentication.

Audited

Disable the feature again
Go to the left pane, and click "Monitoring" -> "Audit events"
View that there are audit events on enabling and disabling the features

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jan 03, 2024 by Dominic Couture

Add option to enforce two factor authentication on administrator users