Allow 2FA bypass for OmniAuth providers even when global 2FA enabled

Stan Hu requested to merge sh-allow-omniauth-provider-2fa-bypass into master

Previously, if the global require_two_factor_authentication setting were enabled, users would always have to log in with 2FA even if the allow_bypass_two_factor setting were enabled for that specific provider.

Now, we allow the exemption to take precedence. OmniAuth providers use the allow_bypass_two_factor config option. For SAML logins, we use the AuthnContext to determine whether 2FA should be bypassed within GitLab.

Relates to #196131 (closed)

Edited by Stan Hu
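
The precedence change described above, as an added Ruby sketch that is not GitLab's code: it models the decision before and after, and lists the login paths whose outcome changes. All struct, method and field names are hypothetical, the sample settings and logins are constructed, and `saml_2fa_contexts` is an assumed stand-in for the AuthnContext values an instance treats as upstream 2FA.

```ruby
# Simplified model of the 2FA decision this merge request describes.
# All names are hypothetical; this is not GitLab's implementation.
Settings = Struct.new(:require_two_factor_authentication,
                      :allow_bypass_two_factor,  # true, false, or provider list
                      :saml_2fa_contexts,        # assumed: contexts counted as upstream 2FA
                      keyword_init: true)
Login = Struct.new(:provider, :user_has_2fa, :authn_context, keyword_init: true)

# Does the login path carry a provider-level exemption?
def provider_bypass?(settings, login)
  return false if login.provider.nil? # password login is never exempt
  return settings.saml_2fa_contexts.include?(login.authn_context) if login.provider == 'saml'
  case settings.allow_bypass_two_factor
  when true  then true
  when Array then settings.allow_bypass_two_factor.include?(login.provider)
  else false
  end
end

# Before: global enforcement always wins.
def prompt_2fa_before?(settings, login)
  return true if settings.require_two_factor_authentication
  login.user_has_2fa && !provider_bypass?(settings, login)
end

# After: the provider exemption takes precedence.
def prompt_2fa_after?(settings, login)
  return false if provider_bypass?(settings, login)
  settings.require_two_factor_authentication || login.user_has_2fa
end

# Login paths whose outcome differs between the two behaviours.
def changed_paths(settings, logins)
  logins.reject { |l| prompt_2fa_before?(settings, l) == prompt_2fa_after?(settings, l) }
        .map { |l| [l.provider, l.authn_context].compact.join(' / ') }
end

# Constructed sample configuration and logins.
MFA_CTX = 'urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract'
PWD_CTX = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
SAMPLE = Settings.new(require_two_factor_authentication: true,
                      allow_bypass_two_factor: ['google_oauth2'],
                      saml_2fa_contexts: [MFA_CTX])
LOGINS = [Login.new(provider: 'google_oauth2', user_has_2fa: true),
          Login.new(provider: 'github', user_has_2fa: true),
          Login.new(provider: 'saml', user_has_2fa: true, authn_context: MFA_CTX),
          Login.new(provider: 'saml', user_has_2fa: true, authn_context: PWD_CTX),
          Login.new(provider: nil, user_has_2fa: true)]
puts changed_paths(SAMPLE, LOGINS)
```

With global enforcement on, every path this prints relies on the identity provider for the second factor, so those are the providers whose own MFA policy is worth reviewing.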
