Add latest changes from gitlab-org/gitlab@master

7 files changed, 56 insertions, 3 deletions

diff --git a/doc/user/admin_area/approving_users.md b/doc/user/admin_area/approving_users.md
new file mode 100644
index 00000000000..a8537666581
--- /dev/null
+++ b/doc/user/admin_area/approving_users.md
@@ -0,0 +1,36 @@
+---
+stage: Manage
+group: Access
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+type: howto
+---
+
+# Users pending approval
+
+> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4491) in GitLab 13.5.
+
+When [Require admin approval for new sign-ups](settings/sign_up_restrictions.md#require-admin-approval-for-new-sign-ups) is enabled, any user that signs up for an account using the registration form is placed under a **Pending approval** state.
+
+A user pending approval is functionally identical to a [blocked](blocking_unblocking_users.md) user. 
+
+A user pending approval:
+
+- Will not be able to sign in.
+- Cannot access Git repositories or the API.
+- Will not receive any notifications from GitLab.
+- Does not consume a [seat](../../subscriptions/self_managed/index.md#choose-the-number-of-users).
+
+## Approving a user
+
+A user that is pending approval can be approved from the Admin Area. To do this:
+
+1. Navigate to  **Admin Area > Overview > Users**.
+1. Click on the **Pending approval** tab.
+1. Select a user.
+1. Under the **Account** tab, click **Approve user**.
+
+Approving a user:
+
+1. Activates their account.
+1. Changes the user's state to active and it consumes a
+[seat](../../subscriptions/self_managed/index.md#choose-the-number-of-users).
diff --git a/doc/user/admin_area/credentials_inventory.md b/doc/user/admin_area/credentials_inventory.md
index e66d5b81d0d..b17d0ab3dd5 100644
--- a/doc/user/admin_area/credentials_inventory.md
+++ b/doc/user/admin_area/credentials_inventory.md
@@ -11,7 +11,7 @@ type: howto
 
 GitLab administrators are responsible for the overall security of their instance. To assist, GitLab provides a Credentials inventory to keep track of all the credentials that can be used to access their self-managed instance.
 
-Using Credentials inventory, you can see all the personal access tokens (PAT) and SSH keys that exist in your GitLab instance. In addition, you can [revoke them](#revoke-a-users-personal-access-token) and see:
+Using Credentials inventory, you can see all the personal access tokens (PAT) and SSH keys that exist in your GitLab instance. In addition, you can [revoke](#revoke-a-users-personal-access-token) and [delete](#delete-a-users-ssh-key) and see:
 
 - Who they belong to.
 - Their access scope.
@@ -27,7 +27,7 @@ The following is an example of the Credentials inventory page:
 
 ## Revoke a user's personal access token
 
-[Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214811) in GitLab 13.4.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214811) in GitLab 13.4.
 
 If you see a **Revoke** button, you can revoke that user's PAT. Whether you see a **Revoke** button depends on the token state, and if an expiration date has been set. For more information, see the following table:
 
@@ -39,3 +39,11 @@ If you see a **Revoke** button, you can revoke that user's PAT. Whether you see
 | Expired     | No                     | Yes                | The administrator may revoke the PAT to prevent indefinite use             |
 | Revoked     | Yes                    | No                 | Not applicable; token is already revoked                                   |
 | Revoked     | No                     | No                 | Not applicable; token is already revoked                                   |
+
+## Delete a user's SSH key
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/225248) in GitLab 13.5.
+
+You can **Delete** a user's SSH key by navigating to the credentials inventory's SSH Keys tab.
+
+![Credentials inventory page - SSH keys](img/credentials_inventory_ssh_keys_v13_5.png)
diff --git a/doc/user/admin_area/img/credentials_inventory_ssh_keys_v13_5.png b/doc/user/admin_area/img/credentials_inventory_ssh_keys_v13_5.png
new file mode 100644
index 00000000000..f5edf513bbf
--- /dev/null
+++ b/doc/user/admin_area/img/credentials_inventory_ssh_keys_v13_5.png
diff --git a/doc/user/admin_area/settings/img/email_confirmation_v12_7.png b/doc/user/admin_area/settings/img/email_confirmation_v12_7.png
deleted file mode 100644
index 6bcadb63b9a..00000000000
--- a/doc/user/admin_area/settings/img/email_confirmation_v12_7.png
+++ /dev/null
diff --git a/doc/user/admin_area/settings/img/sign_up_restrictions_v13_5.png b/doc/user/admin_area/settings/img/sign_up_restrictions_v13_5.png
new file mode 100644
index 00000000000..ebbfad77e69
--- /dev/null
+++ b/doc/user/admin_area/settings/img/sign_up_restrictions_v13_5.png
diff --git a/doc/user/admin_area/settings/sign_up_restrictions.md b/doc/user/admin_area/settings/sign_up_restrictions.md
index 80092102091..f57cf7c2045 100644
--- a/doc/user/admin_area/settings/sign_up_restrictions.md
+++ b/doc/user/admin_area/settings/sign_up_restrictions.md
@@ -7,6 +7,7 @@ type: reference
 You can use sign-up restrictions to:
 
 - Disable new sign-ups.
+- Require admin approval for new sign-ups.
 - Require user email confirmation.
 - Denylist or allowlist email addresses belonging to specific domains.
 
@@ -32,12 +33,20 @@ Alternatively, you could also consider setting up a
 [allowlist](#allowlist-email-domains) or [denylist](#denylist-email-domains) on
 email domains to prevent malicious users from creating accounts.
 
+## Require admin approval for new sign-ups
+
+> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4491) in GitLab 13.5.
+
+When this setting is enabled, any user visiting your GitLab domain and signing up for a new account will have to be explicitly [approved](../approving_users.md#approving-a-user) by an administrator before they can start using their account.
+
+![Require admin approval for new signups](img/sign_up_restrictions_v13_5.png)
+
 ## Require email confirmation
 
 You can send confirmation emails during sign-up and require that users confirm
 their email address before they are allowed to sign in.
 
-![Email confirmation](img/email_confirmation_v12_7.png)
+![Email confirmation](img/sign_up_restrictions_v13_5.png)
 
 ## Minimum password length limit
 
diff --git a/doc/user/img/gitlab_snippet_v13_5.png b/doc/user/img/gitlab_snippet_v13_5.png
index f824aa6bf4f..3fce1d25c3d 100644
--- a/doc/user/img/gitlab_snippet_v13_5.png
+++ b/doc/user/img/gitlab_snippet_v13_5.png