<!--IssueSummary start--> <details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=25696) </details> <!--IssueSummary end--> ### Problem to solve Current settings do not permit requiring two factor for only a subset of users - in this case - external users. ### Target audience Security Analyst ### Further details Our 'internal' users already have duo two factor configured for use with LDAP authentication. It would be nice to force two factor for external users without requiring internal users to configure an additional two factor. ### Proposal Any of the following: 1.) allow admins to require two factor when creating external accounts 2.) Checkbox under Admin Area -> Settings -> Sign-in Restrictions : "Require external users to setup 2fa" ### What does success look like, and how can we measure that? External accounts would require google two factor - while internal accounts could just use ldap (with its own separate two factor). ### Links / references