Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
09a2f2db
Commit
09a2f2db
authored
Jun 06, 2016
by
Timothy Andrew
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add documentation for U2F registration & authentication.
parent
7232bdb9
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
57 additions
and
6 deletions
+57
-6
doc/profile/2fa_u2f_authenticate.png
doc/profile/2fa_u2f_authenticate.png
+0
-0
doc/profile/2fa_u2f_register.png
doc/profile/2fa_u2f_register.png
+0
-0
doc/profile/two_factor_authentication.md
doc/profile/two_factor_authentication.md
+57
-6
No files found.
doc/profile/2fa_u2f_authenticate.png
0 → 100644
View file @
09a2f2db
53.1 KB
doc/profile/2fa_u2f_register.png
0 → 100644
View file @
09a2f2db
110 KB
doc/profile/two_factor_authentication.md
View file @
09a2f2db
...
@@ -8,12 +8,27 @@ your phone.
...
@@ -8,12 +8,27 @@ your phone.
By enabling 2FA, the only way someone other than you can log into your account
By enabling 2FA, the only way someone other than you can log into your account
is to know your username and password
*and*
have access to your phone.
is to know your username and password
*and*
have access to your phone.
#### Note
> **Note:**
When you enable 2FA, don't forget to back up your recovery codes. For your safety, if you
When you enable 2FA, don't forget to back up your recovery codes. For your safety, if you
lose your codes for GitLab.com, we can't disable or recover them.
lose your codes for GitLab.com, we can't disable or recover them.
In addition to a phone application, GitLab supports U2F (universal 2nd factor) devices as
the second factor of authentication. Once enabled, in addition to supplying your username and
password to login, you'll be prompted to activate your U2F device (usually by pressing
a button on it), and it will perform secure authentication on your behalf.
> **Note:** Support for U2F devices was added in version 8.8
The U2F workflow is only supported by Google Chrome at this point, so we _strongly_ recommend
that you set up both methods of two-factor authentication, so you can still access your account
from other browsers.
> **Note:** GitLab officially only supports [Yubikey] U2F devices.
## Enabling 2FA
## Enabling 2FA
### Enable 2FA via mobile application
**In GitLab:**
**In GitLab:**
1.
Log in to your GitLab account.
1.
Log in to your GitLab account.
...
@@ -38,9 +53,26 @@ lose your codes for GitLab.com, we can't disable or recover them.
...
@@ -38,9 +53,26 @@ lose your codes for GitLab.com, we can't disable or recover them.
1.
Click
**Submit**
.
1.
Click
**Submit**
.
If the pin you entered was correct, you'll see a message indicating that
If the pin you entered was correct, you'll see a message indicating that
Two-
f
actor Authentication has been enabled, and you'll be presented with a list
Two-
F
actor Authentication has been enabled, and you'll be presented with a list
of recovery codes.
of recovery codes.
### Enable 2FA via U2F device
**In GitLab:**
1.
Log in to your GitLab account.
1.
Go to your
**Profile Settings**
.
1.
Go to
**Account**
.
1.
Click
**Enable Two-Factor Authentication**
.
1.
Plug in your U2F device.
1.
Click on
**Setup New U2F Device**
.
1.
A light will start blinking on your device. Activate it by pressing its button.
You will see a message indicating that your device was successfully set up.
Click on
**Register U2F Device**
to complete the process.
![
Two-Factor U2F Setup
](
2fa_u2f_register.png
)
## Recovery Codes
## Recovery Codes
Should you ever lose access to your phone, you can use one of the ten provided
Should you ever lose access to your phone, you can use one of the ten provided
...
@@ -51,21 +83,39 @@ account.
...
@@ -51,21 +83,39 @@ account.
If you lose the recovery codes or just want to generate new ones, you can do so
If you lose the recovery codes or just want to generate new ones, you can do so
from the
**Profile Settings**
>
**Account**
page where you first enabled 2FA.
from the
**Profile Settings**
>
**Account**
page where you first enabled 2FA.
> **Note:** Recovery codes are not generated for U2F devices.
## Logging in with 2FA Enabled
## Logging in with 2FA Enabled
Logging in with 2FA enabled is only slightly different than a normal login.
Logging in with 2FA enabled is only slightly different than a normal login.
Enter your username and password credentials as you normally would, and you'll
Enter your username and password credentials as you normally would, and you'll
be presented with a second prompt for an authentication code. Enter the pin from
be presented with a second prompt, depending on which type of 2FA you've enabled.
your phone's application or a recovery code to log in.
### Log in via mobile application
Enter the pin from your phone's application or a recovery code to log in.
![
Two-factor authentication on sign in
](
2fa_auth.png
)
![
Two-Factor Authentication on sign in via OTP
](
2fa_auth.png
)
### Log in via U2F device
1.
Click
**Login via U2F Device**
1.
A light will start blinking on your device. Activate it by pressing its button.
You will see a message indicating that your device responded to the authentication request.
Click on
**Authenticate via U2F Device**
to complete the process.
![
Two-Factor Authentication on sign in via U2F device
](
2fa_u2f_authenticate.png
)
## Disabling 2FA
## Disabling 2FA
1.
Log in to your GitLab account.
1.
Log in to your GitLab account.
1.
Go to your
**Profile Settings**
.
1.
Go to your
**Profile Settings**
.
1.
Go to
**Account**
.
1.
Go to
**Account**
.
1.
Click
**Disable Two-factor Authentication**
.
1.
Click
**Disable**
, under
**Two-Factor Authentication**
.
This will clear all your two-factor authentication registrations, including mobile
applications and U2F devices.
## Note to GitLab administrators
## Note to GitLab administrators
...
@@ -74,3 +124,4 @@ You need to take special care to that 2FA keeps working after
...
@@ -74,3 +124,4 @@ You need to take special care to that 2FA keeps working after
[
Google Authenticator
]:
https://support.google.com/accounts/answer/1066447?hl=en
[
Google Authenticator
]:
https://support.google.com/accounts/answer/1066447?hl=en
[
FreeOTP
]:
https://fedorahosted.org/freeotp/
[
FreeOTP
]:
https://fedorahosted.org/freeotp/
[
YubiKey
]:
https://www.yubico.com/products/yubikey-hardware/
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment