Disabling 2FA does not disable enforcement rules

c5e82070 · Anton Smith · Mike Jang · 2ac488ff · c5e82070
Commit c5e82070 authored Sep 30, 2020 by Anton Smith Committed by Mike Jang Sep 30, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 0 deletions

doc/security/two_factor_authentication.md doc/security/two_factor_authentication.md +11 -0

No files found.
--- a/doc/security/two_factor_authentication.md
+++ b/doc/security/two_factor_authentication.md
@@ -68,6 +68,17 @@ The following are important notes about 2FA:

 ## Disabling 2FA for everyone

+CAUTION: **Caution:**
+Disabling 2FA for everyone does not disable the [enforce 2FA for all users](#enforcing-2fa-for-all-users)
+or [enforce 2FA for all users in a group](#enforcing-2fa-for-all-users-in-a-group)
+settings. In addition to the steps in this section, you will need to disable any enforced 2FA
+settings so users aren't asked to set up 2FA again, the next time the user signs in to GitLab.
+Disabling 2FA for everyone does not disable the [enforce 2FA for all users](#enforcing-2fa-for-all-users)
+or [enforce 2FA for all users in a group](#enforcing-2fa-for-all-users-in-a-group)
+settings if they have been configured. In addition to the steps in this section,
+you will need to disable any enforced 2FA settings so users aren't asked to setup
+2FA again when the next login to GitLab.
+
 There may be some special situations where you want to disable 2FA for everyone
 even when forced 2FA is disabled. There is a Rake task for that: