13 files changed, 226 insertions, 37 deletions

diff --git a/doc/user/admin_area/activating_deactivating_users.md b/doc/user/admin_area/activating_deactivating_users.md
new file mode 100644
index 00000000000..78a07f4a04e
--- /dev/null
+++ b/doc/user/admin_area/activating_deactivating_users.md
@@ -0,0 +1,66 @@
+---
+type: howto
+---
+
+# Activating and deactivating users
+
+GitLab administrators can deactivate and activate users.
+
+## Deactivating a user
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/63921) in GitLab 12.4.
+
+In order to temporarily prevent access by a GitLab user that has no recent activity, administrators
+can choose to deactivate the user.
+
+Deactivating a user is functionally identical to [blocking a user](blocking_unblocking_users.md),
+with the following differences:
+
+- It does not prohibit the user from logging back in via the UI.
+- Once a deactivated user logs back into the GitLab UI, their account is set to active.
+
+A deactivated user:
+
+- Cannot access Git repositories or the API.
+- Will not receive any notifications from GitLab.
+- Will not be able to use [slash commands](../../integration/slash_commands.md).
+
+Personal projects, and group and user history of the deactivated user will be left intact.
+
+A user can be deactivated from the Admin Area. To do this:
+
+1. Navigate to  **Admin Area > Overview > Users**.
+1. Select a user.
+1. Under the **Account** tab, click **Deactivate user**.
+
+Please note that for the deactivation option to be visible to an admin, the user:
+
+- Must be currently active.
+- Should not have any activity in the last 180 days.
+
+Users can also be deactivated using the [GitLab API](../../api/users.html#deactivate-user).
+
+NOTE: **Note:**
+A deactivated user does not consume a [seat](../../subscriptions/index.md#managing-subscriptions).
+
+## Activating a user
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/63921) in GitLab 12.4.
+
+A deactivated user can be activated from the Admin Area.
+
+To do this:
+
+1. Navigate to  **Admin Area > Overview > Users**.
+1. Click on the **Deactivated** tab.
+1. Select a user.
+1. Under the **Account** tab, click **Activate user**.
+
+Users can also be activated using the [GitLab API](../../api/users.html#activate-user).
+
+NOTE: **Note:**
+Activating a user will change the user's state to active and it consumes a
+[seat](../../subscriptions/index.md#managing-subscriptions).
+
+TIP: **Tip:**
+A deactivated user can also activate their account by themselves by simply logging back via the UI.
diff --git a/doc/user/admin_area/blocking_unblocking_users.md b/doc/user/admin_area/blocking_unblocking_users.md
new file mode 100644
index 00000000000..8868170169e
--- /dev/null
+++ b/doc/user/admin_area/blocking_unblocking_users.md
@@ -0,0 +1,48 @@
+---
+type: howto
+---
+
+# Blocking and unblocking users
+
+GitLab administrators block and unblock users.
+
+## Blocking a user
+
+In order to completely prevent access of a user to the GitLab instance, administrators can choose to
+block the user.
+
+Users can be blocked [via an abuse report](abuse_reports.md#blocking-users),
+or directly from the Admin Area. To do this:
+
+1. Navigate to  **Admin Area > Overview > Users**.
+1. Select a user.
+1. Under the **Account** tab, click **Block user**.
+
+A blocked user:
+
+- Will not be able to login.
+- Cannot access Git repositories or the API.
+- Will not receive any notifications from GitLab.
+- Will not be able to use [slash commands](../../integration/slash_commands.md).
+
+Personal projects, and group and user history of the blocked user will be left intact.
+
+Users can also be blocked using the [GitLab API](../../api/users.html#block-user).
+
+NOTE: **Note:**
+A blocked user does not consume a [seat](../../subscriptions/index.md#managing-subscriptions).
+
+## Unblocking a user
+
+A blocked user can be unblocked from the Admin Area. To do this:
+
+1. Navigate to  **Admin Area > Overview > Users**.
+1. Click on the **Blocked** tab.
+1. Select a user.
+1. Under the **Account** tab, click **Unblock user**.
+
+Users can also be unblocked using the [GitLab API](../../api/users.html#unblock-user).
+
+NOTE: **Note:**
+Unblocking a user will change the user's state to active and it consumes a
+[seat](../../subscriptions/index.md#managing-subscriptions).
diff --git a/doc/user/admin_area/diff_limits.md b/doc/user/admin_area/diff_limits.md
index 5117b5f476f..4e24c25de8f 100644
--- a/doc/user/admin_area/diff_limits.md
+++ b/doc/user/admin_area/diff_limits.md
@@ -6,7 +6,7 @@ type: reference
 
 You can set a maximum size for display of diff files (patches).
 
-For details about diff files, [View changes between files](../project/merge_requests/index.md#view-changes-between-file-versions).
+For details about diff files, [View changes between files](../project/merge_requests/reviewing_and_managing_merge_requests.md#view-changes-between-file-versions).
 
 ## Maximum diff patch size
 
diff --git a/doc/user/admin_area/index.md b/doc/user/admin_area/index.md
index c75a8bcac79..35cb2b42c56 100644
--- a/doc/user/admin_area/index.md
+++ b/doc/user/admin_area/index.md
@@ -112,8 +112,8 @@ To list users matching a specific criteria, click on one of the following tabs o
 - **2FA Enabled**
 - **2FA Disabled**
 - **External**
-- **Blocked**
-- **Deactivated**
+- **[Blocked](blocking_unblocking_users.md)**
+- **[Deactivated](activating_deactivating_users.md)**
 - **Without projects**
 
 For each user, their username, email address, are listed, also the date their account was
diff --git a/doc/user/admin_area/monitoring/health_check.md b/doc/user/admin_area/monitoring/health_check.md
index 6439607de33..103d7ecc573 100644
--- a/doc/user/admin_area/monitoring/health_check.md
+++ b/doc/user/admin_area/monitoring/health_check.md
@@ -13,7 +13,7 @@ type: concepts, howto
 GitLab provides liveness and readiness probes to indicate service health and
 reachability to required services. These probes report on the status of the
 database connection, Redis connection, and access to the filesystem. These
-endpoints [can be provided to schedulers like Kubernetes][kubernetes] to hold
+endpoints [can be provided to schedulers like Kubernetes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) to hold
 traffic until the system is ready or restart the container as needed.
 
 ## IP whitelist
@@ -39,7 +39,11 @@ GET http://localhost/-/liveness
 
 ## Health
 
-Checks whether the application server is running. It does not verify the database or other services are running.
+Checks whether the application server is running.
+It does not verify the database or other services
+are running. This endpoint circumvents Rails Controllers
+and is implemented as additional middleware `BasicHealthCheck`
+very early into the request processing lifecycle.
 
 ```text
 GET /-/health
@@ -59,10 +63,17 @@ GitLab OK
 
 ## Readiness
 
-The readiness probe checks whether the GitLab instance is ready to use. It checks the dependent services (Database, Redis, Gitaly etc.) and gives a status for each.
+The readiness probe checks whether the GitLab instance is ready
+to accept traffic via Rails Controllers. The check by default
+does validate only instance-checks.
+
+If the `all=1` parameter is specified, the check will also validate
+the dependent services (Database, Redis, Gitaly etc.)
+and gives a status for each.
 
 ```text
 GET /-/readiness
+GET /-/readiness?all=1
 ```
 
 Example request:
@@ -75,37 +86,30 @@ Example response:
 
 ```json
 {
-   "db_check":{
+   "master_check":[{
       "status":"failed",
-      "message": "unexpected Db check result: 0"
-   },
-   "redis_check":{
-      "status":"ok"
-   },
-   "cache_check":{
-      "status":"ok"
-   },
-   "queues_check":{
-      "status":"ok"
-   },
-   "shared_state_check":{
-      "status":"ok"
-   },
-   "gitaly_check":{
-      "status":"ok",
-      "labels":{
-         "shard":"default"
-         }
-      }
-   }
+      "message": "unexpected Master check result: false"
+   }],
+   ...
+}
 ```
 
+On failure, the endpoint will return a `503` HTTP status code.
+
+This check does hit the database and Redis if authenticated via `token`.
+
+This check is being exempt from Rack Attack.
+
 ## Liveness
 
 DANGER: **Warning:**
-In Gitlab [12.4](https://about.gitlab.com/upcoming-releases/) the response body of the Liveness check will change to match the example below.
+In Gitlab [12.4](https://about.gitlab.com/upcoming-releases/)
+the response body of the Liveness check was changed
+to match the example below.
 
-The liveness probe checks whether the application server is alive. Unlike the [`health`](#health) check, this check hits the database.
+Checks whether the application server is running.
+This probe is used to know if Rails Controllers
+are not deadlocked due to a multi-threading.
 
 ```text
 GET /-/liveness
@@ -127,7 +131,9 @@ On success, the endpoint will return a `200` HTTP status code, and a response li
 }
 ```
 
-On failure, the endpoint will return a `500` HTTP status code.
+On failure, the endpoint will return a `503` HTTP status code.
+
+This check is being exempt from Rack Attack.
 
 ## Access token (Deprecated)
 
@@ -163,4 +169,3 @@ but commented out to help encourage others to add to it in the future. -->
 [pingdom]: https://www.pingdom.com
 [nagios-health]: https://nagios-plugins.org/doc/man/check_http.html
 [newrelic-health]: https://docs.newrelic.com/docs/alerts/alert-policies/downtime-alerts/availability-monitoring
-[kubernetes]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
diff --git a/doc/user/admin_area/settings/account_and_limit_settings.md b/doc/user/admin_area/settings/account_and_limit_settings.md
index a1beee404eb..e443127a8a0 100644
--- a/doc/user/admin_area/settings/account_and_limit_settings.md
+++ b/doc/user/admin_area/settings/account_and_limit_settings.md
@@ -32,7 +32,7 @@ For instance, consider the following workflow:
 
 1. Your team develops apps which require large files to be stored in
    the application repository.
-1. Although you have enabled [Git LFS](../../../workflow/lfs/manage_large_binaries_with_git_lfs.md#git-lfs)
+1. Although you have enabled [Git LFS](../../../administration/lfs/manage_large_binaries_with_git_lfs.md#git-lfs)
    to your project, your storage has grown significantly.
 1. Before you exceed available storage, you set up a limit of 10 GB
    per repository.
diff --git a/doc/user/admin_area/settings/continuous_integration.md b/doc/user/admin_area/settings/continuous_integration.md
index c60b3323105..f775dd8bbb4 100644
--- a/doc/user/admin_area/settings/continuous_integration.md
+++ b/doc/user/admin_area/settings/continuous_integration.md
@@ -134,6 +134,19 @@ Once that time passes, the jobs will be archived and no longer able to be
 retried. Make it empty to never expire jobs. It has to be no less than 1 day,
 for example: <code>15 days</code>, <code>1 month</code>, <code>2 years</code>.
 
+## Default CI configuration path
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/18073) in GitLab 12.5.
+
+The default CI configuration file path for new projects can be set in the Admin
+area of your GitLab instance (`.gitlab-ci.yml` if not set):
+
+1. Go to **Admin area > Settings > Continuous Integration and Deployment**.
+1. Input the new path in the **Default CI configuration path** field.
+1. Hit **Save changes** for the changes to take effect.
+
+It is also possible to specify a [custom CI configuration path for a specific project](../../project/pipelines/settings.md#custom-ci-configuration-path).
+
 <!-- ## Troubleshooting
 
 Include any troubleshooting steps that you can foresee. If you know beforehand what issues
diff --git a/doc/user/admin_area/settings/email.md b/doc/user/admin_area/settings/email.md
index 6026f9dc735..4611d5f5c77 100644
--- a/doc/user/admin_area/settings/email.md
+++ b/doc/user/admin_area/settings/email.md
@@ -8,7 +8,7 @@ You can customize some of the content in emails sent from your GitLab instance.
 
 ## Custom logo
 
-The logo in the header of some emails can be customized, see the [logo customization section](../../../customization/branded_page_and_email_header.md).
+The logo in the header of some emails can be customized, see the [logo customization section](../appearance.md#navigation-bar).
 
 ## Custom additional text **(PREMIUM ONLY)**
 
diff --git a/doc/user/admin_area/settings/img/two_factor_grace_period.png b/doc/user/admin_area/settings/img/two_factor_grace_period.png
new file mode 100644
index 00000000000..e7fb52969aa
--- /dev/null
+++ b/doc/user/admin_area/settings/img/two_factor_grace_period.png
diff --git a/doc/user/admin_area/settings/index.md b/doc/user/admin_area/settings/index.md
index 4ca91ae5339..42f496bfbfa 100644
--- a/doc/user/admin_area/settings/index.md
+++ b/doc/user/admin_area/settings/index.md
@@ -14,6 +14,7 @@ include:
 - [Continuous Integration and Deployment](continuous_integration.md)
 - [Email](email.md)
 - [Sign up restrictions](sign_up_restrictions.md)
+- [Sign in restrictions](sign_in_restrictions.md)
 - [Terms](terms.md)
 - [Third party offers](third_party_offers.md)
 - [Usage statistics](usage_statistics.md)
diff --git a/doc/user/admin_area/settings/sign_in_restrictions.md b/doc/user/admin_area/settings/sign_in_restrictions.md
new file mode 100644
index 00000000000..0975766400f
--- /dev/null
+++ b/doc/user/admin_area/settings/sign_in_restrictions.md
@@ -0,0 +1,56 @@
+---
+type: reference
+---
+
+# Sign-in restrictions **(CORE ONLY)**
+
+You can use sign-in restrictions to limit the authentication with password
+for web interface and Git over HTTP(S), two-factor authentication enforcing, as well as
+as configuring the home page URL and after sign-out path.
+
+## Password authentication enabled
+
+You can restrict the password authentication for web interface and Git over HTTP(S):
+
+- **Web interface**: When this feature is disabled, an [external authentication provider](../../../administration/auth/README.md) must be used.
+- **Git over HTTP(S)**: When this feature is disabled, a [Personal Access Token](../../profile/personal_access_tokens.md) must be used to authenticate.
+
+## Two-factor authentication
+
+When this feature enabled, all users will have to use the [two-factor authentication](../../profile/account/two_factor_authentication.md).
+
+Once the two-factor authentication is configured as mandatory, the users will be allowed
+to skip forced configuration of two-factor authentication for the configurable grace
+period in hours.
+
+![Two-factor grace period](img/two_factor_grace_period.png)
+
+## Sign-in information
+
+All users that are not logged-in will be redirected to the page represented by the configured
+"Home page URL" if value is not empty.
+
+All users will be redirect to the page represented by the configured "After sign out path"
+after sign out if value is not empty.
+
+If a "Sign in text" in Markdown format is provided, then every user will be presented with
+this message after logging-in.
+
+## Settings
+
+To access this feature:
+
+1. Navigate to the **Settings > General** in the Admin area.
+1. Expand the **Sign-in restrictions** section.
+
+<!-- ## Troubleshooting
+
+Include any troubleshooting steps that you can foresee. If you know beforehand what issues
+one might have when setting this up, or when something is changed, or on upgrading, it's
+important to describe those, too. Think of things that may go wrong and include them here.
+This is important to minimize requests for support, and to avoid doc comments with
+questions that you know someone might ask.
+
+Each scenario can be a third-level heading, e.g. `### Getting error message X`.
+If you have none to add when creating a doc, leave this section in place
+but commented out to help encourage others to add to it in the future. -->
diff --git a/doc/user/admin_area/settings/usage_statistics.md b/doc/user/admin_area/settings/usage_statistics.md
index 98126f72a78..81edd9eac34 100644
--- a/doc/user/admin_area/settings/usage_statistics.md
+++ b/doc/user/admin_area/settings/usage_statistics.md
@@ -31,7 +31,7 @@ patches will need to be backported, making sure active GitLab instances remain
 secure.
 
 If you disable version check, this information will not be collected.  Enable or
-disable the version check at **Admin area > Settings > Usage statistics**.
+disable the version check at **Admin area > Settings > Metrics and profiling > Usage statistics**.
 
 ## Usage ping **(CORE ONLY)**
 
@@ -85,7 +85,7 @@ will be able to show [usage statistics](../../instance_statistics/index.md)
 of your instance to your users.
 
 This can be restricted to admins by selecting "Only admins" in the Instance
-Statistics visibility section under **Admin area > Settings > Usage statistics**.
+Statistics visibility section under **Admin area > Settings > Metrics and profiling > Usage statistics**.
 
 <!-- ## Troubleshooting
 
diff --git a/doc/user/admin_area/settings/visibility_and_access_controls.md b/doc/user/admin_area/settings/visibility_and_access_controls.md
index f718e31e8bd..73406fd5037 100644
--- a/doc/user/admin_area/settings/visibility_and_access_controls.md
+++ b/doc/user/admin_area/settings/visibility_and_access_controls.md
@@ -177,7 +177,7 @@ For more details, see [SSH key restrictions](../../../security/ssh_keys_restrict
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3586) in GitLab 10.3.
 
-This option is enabled by default. By disabling it, both [pull and push mirroring](../../../workflow/repository_mirroring.md) will no longer
+This option is enabled by default. By disabling it, both [pull and push mirroring](../../project/repository/repository_mirroring.md) will no longer
 work in every repository and can only be re-enabled by an admin on a per-project basis.
 
 ![Mirror settings](img/mirror_settings.png)