Grace period for 2FA in GitLab 16.11.2 CE does not work

Problem to solve

Describe your question in as much detail as possible:
We would like to enable 2FA for our locally installed GitLab CE server 16.11.2. It is configured in “settings/general/Sign-in Restrictions” as:
  • Enforce two-factor authentication
  • Two-factor grace period: 240

However, the grace period does not appear to work; user sign-in is trapped in “/-/profile/two_factor_auth”.


Steps to reproduce

Which troubleshooting steps have you already taken? Can you link to any docs or other resources so we know where you have been?
We have to revert to a snapshot to restore the configuration without 2FA. Changing the length of the grace period did not make a difference.


Provide screenshots from the GitLab UI showing relevant configuration, if applicable.
On self-managed instances, add the relevant configuration settings or changes.
See above.


I am thinking maybe I should post this as a bug report because it feels to me that only the developers can help with this issue.