2FA Removal

On this page


Overview

Use this when a request to disable 2FA on GitLab.com is received.

Notes:

Two-factor Authentication (2FA) can only be removed from a GitLab.com account under the following circumstances:

User has a valid SSH key:

Users can generate new recovery codes using SSH, if they've previously added SSH public keys to their profile. The new recovery codes can then be used at sign in. This option is presented to users in the Zendesk macro. If they cannot use this method then move on to the manual methods below.

ssh git@gitlab.com 2fa_recovery_codes

User has recovery codes

Users can try and login using your saved two-factor recovery codes

User can provide evidence of account ownership:

Through:


Workflow
  1. Apply the "Account::2FA Removal Verification - GitLab.com" Macro
  2. Mark the ticket as "Pending"
If the user in unable to remove his 2FA from the above 2 methodas and User responds with ID verification
  1. Verify if the originating email is the same as is on the account.

  2. There should 2 images that are required.Photo ID and picture of owner holding the Photo ID that is shared.
  3. Ensure the provided photo includes the persons face and ID.

  4. Ensure the provided ID is one of the following:
    • Driver's License
    • Passport
    • Military/Government ID
    • Permanent Resident Cards
  5. Confirm the ID matches the users last and first name on the GitLab.com account.
  6. Verify if that is not an expired ID.
  7. Only reset 2FA if the name on the account matches the name on the ID. If you can't read the ID, coordinate with a native language speaker

  8. Provided the ID matches, use the Account::2FA Removal Verification - GitLab.com - Successful Macro
  9. Mark the ticket as "Solved"
User responds with repository verification
  1. Verify the file uploaded
    • File contains the provided text string.
    • File has been uploaded to a "Personal Repository"
  2. Apply an "Internal Comment" with a link to the commit (if not already included)
  3. Apply the ID matches, use the Account::2FA Removal Verification - GitLab.com - Successful Macro
Failed to verify provided ID or repository
  1. Apply the Account::2FA Removal Verification - GitLab.com - Failed Macro
User is unable to provide verification

If the user claims they're unable to provide identification we should review the matter internally (Support Team) and determine the best course of action.


Macros