Exempt paid non-trial/enterprise users from identity verification (!139101) · Merge requests · GitLab.org / GitLab

Ruby Nealon requested to merge ruby/exempt-paid-enterprise-users-from-idv into master Dec 07, 2023

cc @gitlab-org/modelops/anti-abuse @gitlab-com/gl-security/security-operations/trust-and-safety

What does this MR do and why?

Implements https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/546

Users that are members of/have been invited to paid, non-trial namespaces or are claimed to an enterprise group by their email sign-up domain are treated as exempt from identity verification requirements the same as if a manual exemption had been created.

This is behind a default-off feature flag exempt_paid_namespace_members_and_enterprise_users_from_identity_verification in case there is a necessity to quickly disable this behavior.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Exempt paid non-trial/enterprise users from identity verification

What does this MR do and why?

MR acceptance checklist

Merge request reports