Use this when a request to disable 2FA on GitLab.com is received.
Two-factor Authentication (2FA) can only be removed from a GitLab.com account under the following circumstances:
Users can generate new recovery codes using SSH if they have previously added SSH public keys to their profile. The new recovery codes can then be used at sign-in. This option is presented to users in the Zendesk macro. If they cannot use this method, move on to the manual methods below.
ssh git@gitlab.com 2fa_recovery_codes
Users can try to log in using their saved two-factor recovery codes.
If a user has lost their account recovery codes and has no SSH key registered, proving they own the account can be difficult. In these cases, please use the Risk Factor Worksheet.
Note: as of Aug 2018, GitLab is no longer accepting government-issued ID as proof of account ownership.
Verify that the originating email address is the same as the one on the account.
Select an appropriate number of challenges from the Risk Factor Worksheet.
Have the user go through the selected challenges and fill in the worksheet to assess the risk.
If the user is a GitLab employee, follow the below process:
Perform steps for SSH key and recovery codes, if possible.
Confirm authenticity of the request by contacting the employee via phone or video call.