Sign-in restrictions (CORE ONLY)
You can use Sign-in restrictions to customize authentication restrictions for web interfaces as well as Git over HTTP(S).
Settings
To access sign-in restriction settings:
- Navigate to the Admin Area > Settings > General.
- Expand the Sign-in restrictions section.
Password authentication enabled
You can restrict the password authentication for web interface and Git over HTTP(S):
- Web interface: When this feature is disabled, an external authentication provider must be used.
- Git over HTTP(S): When this feature is disabled, a Personal Access Token must be used to authenticate.
Two-factor authentication
When this feature enabled, all users must use the two-factor authentication.
Once the two-factor authentication is configured as mandatory, the users are allowed to skip forced configuration of two-factor authentication for the configurable grace period in hours.
Email notification for unknown sign-ins
Introduced in GitLab 13.2.
When enabled, GitLab notifies users of sign-ins from unknown IP addresses or devices. For more information, see Email notification for unknown sign-ins.
Sign-in information
All users that are not logged in are redirected to the page represented by the configured Home page URL if value is not empty.
All users are redirected to the page represented by the configured After sign out path after sign out if value is not empty.
In the Sign-in restrictions section, scroll to the Sign-in text field. You can add a custom message for your users in Markdown format.
For example, if you include the following information in the noted text box:
# Custom sign-in text
To access this text box, navigate to Admin Area > Settings > General, and expand the "Sign-in restrictions" section.
Your users see the Custom sign-in text when they navigate to the sign-in screen for your GitLab instance: