Add user_enable_two_factor email notifications and audit events (!204794) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Adds email notifications and audit events when a user registers a OTP authenticator or WebAuthn device.

Creates the user_enable_two_factor audit event type

References

Add email notifications & audit events when a u... (#549619 - closed)

Screenshots or screen recordings

OTP	WebAuthn

Audit event entry:

How to set up and validate locally

Enable two-factor authentication for an account
Review sent email in /rails/letter_opener/
View Audit events for entry

For Enterprise Users:

Simulate a SaaS instance
Create a top-level group and assign it a Premium subscription

Verify a domain

Add group domains

domain = PagesDomain.last
domain = update!(
  verified_at: Time.current,
  enabled_until: 1.year.from_now
)
::Groups::EnterpriseUsers::BulkAssociateByDomainWorker.perform_async(domain.id)

Re-do the above instructions

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Sep 23, 2025 by Jio Castillo

Add user_enable_two_factor email notifications and audit events

What does this MR do and why?

References

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports