gitlab-org--gitlab-foss/doc/security/two_factor_authentication.md
Anatoly Borodin 6c06b65d1e Use relative links in doc, fix broken generated HTML links
Links like (doc/web_hooks/web_hooks.md) work in the GitLab source code
web interface, but the HTML generator produces broken links in the `doc`
subdirectories:
http://doc.gitlab.com/ce/hooks/doc/web_hooks/web_hooks.html
instead of the right one
http://doc.gitlab.com/ce/web_hooks/web_hooks.html
in
http://doc.gitlab.com/ce/hooks/custom_hooks.html.

Fixes #14338

[ci skip]

Signed-off-by: Anatoly Borodin <anatoly.borodin@gmail.com>
2016-03-17 00:35:53 +01:00


# Enforce Two-factor Authentication (2FA)

Two-factor Authentication (2FA) provides an additional level of security to your
users' GitLab accounts. Once enabled, in addition to supplying their username and
password to log in, they'll be prompted for a code generated by an application on
their phone.

You can read more about it here:
[Two-factor Authentication (2FA)](../profile/two_factor_authentication.md)

## Enabling 2FA

Users on GitLab can enable it without any admin's intervention. If you want to
require everyone to set up 2FA, you can choose from two different ways:

1. Enforce on next login
2. Suggest on next login, but allow a grace period before enforcing.

In the Admin area under **Settings** (`/admin/application_settings`), look for
the "Sign-in Restrictions" area, where you can configure both.

If you want 2FA enforcement to take effect on next login, change the grace
period to `0`.

---

![Two factor authentication admin settings](img/two_factor_authentication_settings.png)

---
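
Before choosing between enforcement on next login and a grace period, it helps to know which active accounts still lack 2FA. The script below is an added example, not part of GitLab's documentation or code: it assumes the Users API at `/api/v4/users` returns `state` and `two_factor_enabled` to an administrator token, the function names are hypothetical, and the sample records are constructed.

```python
import json
import urllib.request

# Constructed sample shaped like an administrator's response from GET /api/v4/users.
SAMPLE_USERS = json.loads("""[
  {"username": "alice", "state": "active",  "two_factor_enabled": true},
  {"username": "bob",   "state": "active",  "two_factor_enabled": false},
  {"username": "carol", "state": "blocked", "two_factor_enabled": false},
  {"username": "dave",  "state": "active"}
]""")


def fetch_users(base_url, token):
    """Page through the Users API (assumed endpoint) with an administrator token."""
    users, page = [], "1"
    while page:
        req = urllib.request.Request(
            f"{base_url}/api/v4/users?per_page=100&page={page}",
            headers={"PRIVATE-TOKEN": token},
        )
        with urllib.request.urlopen(req, timeout=30) as resp:
            users.extend(json.load(resp))
            page = resp.headers.get("X-Next-Page", "")  # empty on the last page
    return users


def audit_2fa(users):
    """Group active accounts by 2FA status; a missing field is 'unknown', not 'missing'."""
    report = {"enabled": [], "missing": [], "unknown": []}
    for user in users:
        if user.get("state") != "active":
            continue  # blocked accounts cannot sign in, so enforcement does not reach them
        flag = user.get("two_factor_enabled")  # assumed absent for non-administrator tokens
        key = "unknown" if flag is None else ("enabled" if flag else "missing")
        report[key].append(user["username"])
    return report


def coverage(report):
    """Fraction of active accounts with 2FA enabled (1.0 when there are none)."""
    total = sum(len(names) for names in report.values())
    return len(report["enabled"]) / total if total else 1.0


if __name__ == "__main__":
    result = audit_2fa(SAMPLE_USERS)
    print(result, f"coverage={coverage(result):.0%}")
```

Accounts listed under `missing` are the ones that will be prompted to set up 2FA once enforcement takes effect; a non-empty `unknown` list usually means the token lacks administrator rights.
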

## Disabling 2FA for everyone

There may be some special situations where you want to disable 2FA for everyone
even when forced 2FA is disabled. There is a rake task for that:

```
# Omnibus installations
sudo gitlab-rake gitlab:two_factor:disable_for_all_users
# Installations from source
sudo -u git -H bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production
```
**IMPORTANT: this is a permanent and irreversible action. Users will have to
reactivate 2FA from scratch if they want to use it again.**