QA tests with Required Email Verification / Identity Verification

Our groupanti-abuse work often involves hardening security when logging in and/or registering users. Two examples of this are Required Email Verification and Identity Verification.

We are planning to roll out Identity Verification very soon and are currently rolling out Required Email Verification.

Unfortunately, the QA test pipelines fail when we enable the require_email_verification feature flag. I worry the same will happen when we enable the identity_verification feature flag.

Currently the problem is 'solved' by simply disabling the feature flag...

We already did some work to let QA users bypass our security features, but apparently this does not seem to work.

Is this because the GITLAB_QA_USER_AGENT environment variable is only set on Staging and not on Production? (Actually, QA tests also seem to be failing on Staging with the bypass, see this slack conversation from Nov 15th.)

Can we find a more reliable way to let QA users bypass our security features?