Welcome to mirror list, hosted at ThFree Co, Russian Federation.

email_verification.md « security « doc - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/security/email_verification.md
blob: 667ee85bb01bfb71b97965205ca6dc5f340498fe (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

---
stage: Govern
group: Anti-Abuse
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

# Account email verification **(FREE ALL)**

> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86352) in GitLab 15.2 [with a flag](../administration/feature_flags.md) named `require_email_verification`. Disabled by default.

FLAG:
On self-managed GitLab, by default this feature is not available. To make it available, an administrator can [enable the feature flag](../administration/feature_flags.md) named `require_email_verification`. On GitLab.com, this feature is not available.

Account email verification provides an additional layer of GitLab account security.
When certain conditions are met, an account is locked. If your account is locked,
you must verify your identity or reset your password to sign in to GitLab.

<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
For a demo, see [Require email verification - demo](https://www.youtube.com/watch?v=wU6BVEGB3Y0).

On GitLab.com, if you don't receive a verification email, select **Resend Code** before you contact the support team.

## Accounts without two-factor authentication (2FA)

An account is locked when either:

- There are three or more failed sign-in attempts in 24 hours.
- A user attempts to sign in from a new IP address and the
  `check_ip_address_for_email_verification` feature flag is enabled.

A locked account without 2FA is not unlocked automatically.

After a successful sign in, an email with a six-digit verification code is sent.
The verification code expires after 60 minutes.

To unlock your account, sign in and enter the verification code. You can also
[reset your password](https://gitlab.com/users/password/new).

## Accounts with 2FA or OAuth

An account is locked when there are ten or more failed sign-in attempts, or more than the
amount defined in the [configurable locked user policy](unlock_user.md#self-managed-users).

Accounts with 2FA or OAuth are automatically unlocked after ten minutes, or more than the
amount defined in the [configurable locked user policy](unlock_user.md#self-managed-users).
To unlock an account manually, reset your password.

## Related topics

- [Locked and blocked account support](https://about.gitlab.com/handbook/support/workflows/reinstating-blocked-accounts.html)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-12 23:49:51 +0300