You are here: 2FA Removal On this page Overview
Use this when a request to disable 2FA on GitLab.com is received.
Two-factor Authentication (2FA) can only be removed from a GitLab.com account under the following circumstances: User has a valid SSH key:
Users can generate new recovery codes using SSH, if they've previously added SSH public keys to their profile. The new recovery codes can then be used at sign in. This option is presented to users in the Zendesk macro. If they cannot use this method then move on to the manual methods below.
ssh firstname.lastname@example.org 2fa_recovery_codes
User has recovery codes
Users can try and login using your saved
two-factor recovery codes User can provide evidence of account ownership:
Government issued ID Repository verification Workflow Apply the "Account::2FA Removal Verification - GitLab.com" Macro Mark the ticket as "Pending" If the user in unable to remove his 2FA from the above 2 methodas and User responds with ID verification
Verify if the originating email is the same as is on the account.
There should 2 images that are required.
Photo ID and
picture of owner holding the Photo ID that is shared.
Ensure the provided photo includes the persons face and ID.
Ensure the provided ID is one of the following: Driver's License Passport Military/Government ID Permanent Resident Cards Confirm the ID matches the users last and first name on the GitLab.com account. Verify if that is not an expired ID. Only reset 2FA if the name on the account matches the name on the ID. If you can't read the ID, coordinate with a native language speaker To disable, log into your admin account and locate the username in the users table or by going to 'https://gitlab.com/admin/users/usernamegoeshere'
Under the account tab, disable 2FA.
Provided the ID matches, use the Account::2FA Removal Verification - GitLab.com - Successful Macro Mark the ticket as "Solved" User responds with repository verification Verify the file uploaded File contains the provided text string. File has been uploaded to a "Personal Repository" Apply an "Internal Comment" with a link to the commit (if not already included) Apply the ID matches, use the Account::2FA Removal Verification - GitLab.com - Successful Macro Failed to verify provided ID or repository Apply the Account::2FA Removal Verification - GitLab.com - Failed Macro User is unable to provide verification
If the user claims they're unable to provide identification we should review the matter internally (Support Team) and determine the best course of action.
Macros GitLab Team Members 2FA Removal
If the user is a GitLab employee, follow the below process:
Perform steps for SSH key and recovery codes, if possible.
Confirm authenticity of the request by contacting the employee via phone or video call.