2FA and admin mode

Our GitLab instance (self-hosted) runs with admin mode set to “on”, i.e. I have to (re-)enter my password when I want to enter the admin area to perform tasks there. That makes a lot of sense.

I’me happily using 2FA for other things, and have considered enabling it for GitLab. I hope that means I won’t be able to log in with just my password anymore, but will I be required to enter a one-time code (from my 2FA app) when entering admin mode, or will that still just require my password? (I don’t even know which I would prefer, as long as it works)

I have a yubikey, and with admin mode enabled it asks for password as well as asking me to use the 2FA method - in this case, touch my yubikey. But if it was an authenticator app, I’m pretty sure it will ask you for the code as well as the password. I have both configured, and the browser gives me the option to choose yubikey or authenticator app/code.

1 Like