--- type: reference --- # Sign-in restrictions **(CORE ONLY)** You can use **Sign-in restrictions** to customize authentication restrictions for web interfaces as well as Git over HTTP(S). ## Settings To access sign-in restriction settings: 1. Navigate to the **Admin Area > Settings > General**. 1. Expand the **Sign-in restrictions** section. ## Password authentication enabled You can restrict the password authentication for web interface and Git over HTTP(S): - **Web interface**: When this feature is disabled, an [external authentication provider](../../../administration/auth/README.md) must be used. - **Git over HTTP(S)**: When this feature is disabled, a [Personal Access Token](../../profile/personal_access_tokens.md) must be used to authenticate. ## Two-factor authentication When this feature enabled, all users will have to use the [two-factor authentication](../../profile/account/two_factor_authentication.md). Once the two-factor authentication is configured as mandatory, the users will be allowed to skip forced configuration of two-factor authentication for the configurable grace period in hours. ![Two-factor grace period](img/two_factor_grace_period.png) ## Email notification for unknown sign-ins > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/218457) in GitLab 13.2. When enabled, GitLab notifies users of sign-ins from unknown IP addresses or devices. For more information, see [Email notification for unknown sign-ins](../../profile/unknown_sign_in_notification.md). ![Email notification for unknown sign-ins](img/email_notification_for_unknown_sign_ins_v13_2.png) ## Sign-in information All users that are not logged-in will be redirected to the page represented by the configured "Home page URL" if value is not empty. All users will be redirect to the page represented by the configured "After sign out path" after sign out if value is not empty. If a "Sign in text" in Markdown format is provided, then every user will be presented with this message after logging-in.