2FA and Whitelists

We have GitLab setup to use whitelists for security. Is it possible to have both enabled?

That is you either have an IP on the whitelist (and can get access) OR you login with 2FA (and your IP does not matter).

If this is possible - how to set this up? Thanks!

There’s not such option I’m afraid.

Thanks! If we switch everyone to 2FA, then we can drop whitelists and as long as folks can authenticate, they can get in - yes? Many thanks!

Yep! You can even enforce 2FA https://docs.gitlab.com/ee/security/two_factor_authentication.html :slight_smile:

Just to be clear on your initial question, you can do whitelist AND 2fa. It’s the OR that’s not supported.

Makes sense - many thanks!

1 Like