Ensure all Gitlab groups require two factor authentication

Error: Gitlab organization has groups with no two factor authentication configured
Bridgecrew Policy ID: BC_ORG_GITLAB_1
Checkov Check ID: CKV_GITLAB_2
Severity: HIGH


Description

In GitLab, two-factor authentication (2FA) adds a second layer of security to user accounts. When it is enabled, users must supply a code generated by an authenticator application in addition to their username and password to sign in.

Fix - Buildtime

GitLab

Enable 2FA for all users:

  1. On the top bar, select Menu > Admin.
  2. On the left sidebar, select Settings > General (/admin/application_settings/general).
  3. Expand the Sign-in restrictions section, where the two-factor authentication settings are configured.

Enforce 2FA only for certain groups:

  1. Go to the group’s Settings > General page.
  2. Expand the Permissions and group features section.
  3. Select the Require all users in this group to set up two-factor authentication option.
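The two procedures above fix the finding through the GitLab UI. As an added illustration, which is not Checkov's own implementation of CKV_GITLAB_2 and not part of this page, the following script shows the same audit done offline against group records of the shape the GitLab Groups API returns, using the `require_two_factor_authentication` attribute each group carries. The group records are constructed sample data; the `full_path` values and ids are invented.

```python
import json
from typing import Iterable

# Constructed sample of what GET /api/v4/groups returns, trimmed to the
# attributes this audit needs. Every record here is made up for the example.
SAMPLE_GROUPS_JSON = """
[
  {"id": 10, "full_path": "platform",       "require_two_factor_authentication": true},
  {"id": 11, "full_path": "platform/infra", "require_two_factor_authentication": true},
  {"id": 20, "full_path": "research",       "require_two_factor_authentication": false},
  {"id": 30, "full_path": "legacy-tools"}
]
"""


def check_group(group: dict) -> str:
    """Classify a single group record the way a policy check would.

    A missing attribute is treated as FAILED: the check fails closed instead
    of assuming an undocumented default for an older or partial record.
    """
    if group.get("require_two_factor_authentication") is True:
        return "PASSED"
    return "FAILED"


def groups_without_2fa(groups: Iterable[dict]) -> list[str]:
    """Return the full_path of every group that does not require 2FA."""
    return [g["full_path"] for g in groups if check_group(g) == "FAILED"]


def audit(raw_json: str) -> list[str]:
    """Parse a Groups API response body and list the non-compliant groups."""
    groups = json.loads(raw_json)
    if not isinstance(groups, list):
        raise ValueError("expected a JSON array of group records")
    return groups_without_2fa(groups)


def remediation_payload() -> dict:
    """Body for PUT /api/v4/groups/:id that enforces 2FA on a group.

    This is the API equivalent of the 'Require all users in this group to
    set up two-factor authentication' option described in the fix above.
    """
    return {"require_two_factor_authentication": True}


if __name__ == "__main__":
    failing = audit(SAMPLE_GROUPS_JSON)
    for path in failing:
        print(f"FAILED  {path}: group does not require two-factor authentication")
    if failing:
        print("remediation body per group:", json.dumps(remediation_payload()))
    else:
        print("PASSED  all groups require two-factor authentication")
```

On a live instance the same `audit` function can be pointed at the body of an authenticated `GET /api/v4/groups` request; the script deliberately does not make network calls so it can be run as-is.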