Selectively disable 2FA per-provider
Problem to solve
In https://gitlab.com/gitlab-org/gitlab-ce/issues/26828, we added the ability to disable 2FA instance-wide for all providers. 2FA is an important security tool.
The problem the original MR was designed to solve: when you're already using 2FA in your OAuth/SAML identity provider, it's unnecessarily duplicative to ask for 2FA again in GitLab.
We should implement disabling 2FA on a provider-by-provider basis (e.g. only if a user is attempting to log in via SAML, but not if they're using GitLab credentials and logging in directly).
Proposal
Allow an admin to disable 2FA only for certain providers. Remove the ability to disable 2FA globally on an instance in favor of this more selective option.
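A sketch of the per-provider decision proposed above, added here as an illustration and not GitLab's own code. The class name, the `password` label for direct GitLab login, and the provider names are assumptions; the point is that the bypass list is validated up front and every ambiguous case still prompts for 2FA.

```ruby
require 'set'

# Hypothetical policy object (illustration only, not GitLab's implementation).
class TwoFactorPolicy
  # Assumed label for direct GitLab username/password login; never bypassable.
  DIRECT_LOGIN = 'password'

  def initialize(configured_providers:, bypass_providers:)
    @configured = normalize_all(configured_providers)
    requested = normalize_all(bypass_providers)
    # Reject bypass entries for direct login or for providers that are not
    # configured, so a typo or stale entry cannot silently weaken the policy.
    invalid = requested.reject { |p| @configured.include?(p) && p != DIRECT_LOGIN }
    raise ArgumentError, "invalid bypass providers: #{invalid.to_a.join(', ')}" unless invalid.empty?

    @bypass = requested
  end

  # True when GitLab must prompt for its own second factor on this sign-in.
  # Only models the prompt for users who have 2FA set up; enrolment
  # enforcement is out of scope for this sketch.
  def second_factor_required?(user_has_2fa:, login_provider:)
    return false unless user_has_2fa

    provider = normalize(login_provider)
    # Fail closed: a missing or unrecognised provider still gets the prompt.
    return true if provider.nil? || !@configured.include?(provider)

    !@bypass.include?(provider)
  end

  private

  def normalize(name)
    value = name.to_s.strip.downcase
    value.empty? ? nil : value
  end

  def normalize_all(names)
    names.map { |n| normalize(n) }.compact.to_set
  end
end

# Constructed sample configuration: only SAML sign-ins skip GitLab's 2FA.
POLICY = TwoFactorPolicy.new(
  configured_providers: %w[password saml github],
  bypass_providers: %w[saml]
)
```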
What does success look like, and how can we measure that?
(If no way to measure success, link to an issue that will implement a way to measure this)