Ensure all Gitlab groups require two factor authentication
Error: Gitlab organization has groups with no two factor authentication configured
Bridgecrew Policy ID: BC_ORG_GITLAB_1
Checkov Check ID: CKV_GITLAB_2
Severity: HIGH
Description
In GitLab, two-factor authentication (2FA) provides an additional level of security for user accounts. When it is enabled, users are prompted for a code generated by an application in addition to supplying their username and password to sign in.
Fix - Buildtime
GitLab
Enable 2FA for all users:
- On the top bar, select Menu > Admin.
- On the left sidebar, select Settings > General (/admin/application_settings/general).
- Expand the Sign-in restrictions section, where the two-factor authentication enforcement settings are configured.
Enforce 2FA only for certain groups:
- Go to the group’s Settings > General page.
- Expand the Permissions and group features section.
- Select the Require all users in this group to set up two-factor authentication option.
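To confirm the result after applying either fix, group settings can be audited through the GitLab REST API. This is an added example, not Checkov's or Bridgecrew's own check code; it relies on the `require_two_factor_authentication` field returned by the Groups API, and the sample response, function names and `base_url` parameter are constructed for illustration.

```python
import json
import urllib.request

# Constructed sample of a GET /api/v4/groups response (not real data).
SAMPLE_GROUPS = json.loads("""[
  {"id": 1, "full_path": "platform",
   "require_two_factor_authentication": true, "two_factor_grace_period": 48},
  {"id": 2, "full_path": "platform/contractors",
   "require_two_factor_authentication": false, "two_factor_grace_period": 48},
  {"id": 3, "full_path": "sandbox"}
]""")


def groups_missing_2fa(groups):
    """Return the full paths of groups that do not require 2FA.

    A group whose record lacks the field is reported as well: the audit
    fails closed instead of assuming enforcement it cannot see.
    """
    return sorted(
        g.get("full_path", str(g.get("id")))
        for g in groups
        if g.get("require_two_factor_authentication") is not True
    )


def fetch_groups(base_url, token):
    """Page through /api/v4/groups on a GitLab instance (needs network)."""
    groups, page = [], "1"
    while page:
        req = urllib.request.Request(
            f"{base_url}/api/v4/groups?per_page=100&page={page}",
            headers={"PRIVATE-TOKEN": token},
        )
        with urllib.request.urlopen(req) as resp:
            groups.extend(json.load(resp))
            # GitLab leaves X-Next-Page empty on the last page.
            page = resp.headers.get("X-Next-Page", "")
    return groups


if __name__ == "__main__":
    # Offline run against the constructed sample; swap in fetch_groups(...)
    # with a read-only token to audit a real instance.
    for path in groups_missing_2fa(SAMPLE_GROUPS):
        print(f"FAIL {path}: two-factor authentication not required")
```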