Add latest changes from gitlab-org/gitlab@master

3 files changed, 15 insertions, 7 deletions

diff --git a/doc/user/admin_area/settings/sign_in_restrictions.md b/doc/user/admin_area/settings/sign_in_restrictions.md
index 951e0784c88..df719004062 100644
--- a/doc/user/admin_area/settings/sign_in_restrictions.md
+++ b/doc/user/admin_area/settings/sign_in_restrictions.md
@@ -32,13 +32,13 @@ In the event of an external authentication provider outage, use the [GitLab Rail
 
 > [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/2158) in GitLab 13.10.
 
-If you are an administrator, you might want to work in GitLab without the access that
-comes from being an administrator. While you could create a separate user account that
-doesn't have administrator access, a more secure solution is to use *Admin Mode*.
+If you're an administrator, you might want to work in GitLab without administrator access.
+You could either create a separate user account that does not have
+administrator access or use Admin Mode.
 
-With Admin Mode, your account does not have administrative access by default.
-You can continue to access groups and projects you are a member of, but to access
-administrative functionality, you must authenticate.
+With Admin Mode, your account does not have administrator access by default.
+You can continue to access groups and projects you're a member of. However, for administrative tasks,
+you must authenticate (except for [certain features](#limitations-of-admin-mode)).
 
 When Admin Mode is enabled, it applies to all administrators on the instance.
 
diff --git a/doc/user/enterprise_user/index.md b/doc/user/enterprise_user/index.md
index 7bb8705ace0..2d89d7e5997 100644
--- a/doc/user/enterprise_user/index.md
+++ b/doc/user/enterprise_user/index.md
@@ -25,7 +25,8 @@ A user account is considered an enterprise account when:
 A user can also [manually connect an identity provider (IdP) to a GitLab account whose email address matches the subscribing organization's domain](../group/saml_sso/index.md#link-saml-to-your-existing-gitlabcom-account).
 By selecting **Authorize** when connecting these two accounts, the user account
 with the matching email address is classified as an enterprise user. However, this
-user account does not have an **Enterprise** badge in GitLab.
+user account does not have an **Enterprise** badge in GitLab, and a group Owner cannot
+disable the user's two-factor authentication.
 
 Although a user can be a member of more than one group, each user account can be
 provisioned by only one group. As a result, a user is considered an enterprise
@@ -160,3 +161,9 @@ A top-level group Owner can [set up verified domains to bypass confirmation emai
 
 A top-level group Owner can use the [group and project members API](../../api/members.md)
 to access users' information, including email addresses.
+
+## Troubleshooting
+
+### Cannot disable two-factor authentication for an enterprise user
+
+If an enterprise user does not have an **Enterprise** badge, a top-level group Owner cannot [disable or reset 2FA](#disable-two-factor-authentication) for that user. Instead, the Owner should tell the enterprise user to consider available [recovery options](../profile/account/two_factor_authentication.md#recovery-options).
diff --git a/doc/user/project/import/github.md b/doc/user/project/import/github.md
index 118e7caf123..e7732c02fdf 100644
--- a/doc/user/project/import/github.md
+++ b/doc/user/project/import/github.md
@@ -30,6 +30,7 @@ When importing projects:
 - The importer also imports branches on forks of projects related to open pull requests. These branches are
   imported with a naming scheme similar to `GH-SHA-username/pull-request-number/fork-name/branch`. This may lead to
   a discrepancy in branches compared to those of the GitHub repository.
+- The organization the repository belongs to must not impose restrictions of a [third-party application access policy](https://docs.github.com/en/organizations/managing-oauth-access-to-your-organizations-data/about-oauth-app-access-restrictions) on the GitLab instance you import to.
 
 <i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
 For an overview of the import process, see [Migrating from GitHub to GitLab](https://youtu.be/VYOXuOg9tQI).