Retrieving MFA Status via API


I would like to get the MFA/ two factor authentication status for each user via API.
When sending the GetUser REST: (Users API | GitLab)

I don’t get “two_factor_enabled” field in the response. Is there any other REST where I can check what is the MFA status of a user/organization? In gitlab SAAS.

To get two_factor_enabled using the Users API, you must be an administrator. Therefore, this is not available on

There is a currently an feature request to add two_factor_enabled field to API calls for group owners: Enable two_factor_enabled API field for group owners (#385177) · Issues · / GitLab · GitLab. If you’re interested in this feature, I encourage you to :+1: the issue and feel free to share your feedback and use case in the comments.

Thanks Greg for the prompt response!
But even when using an admin user, I’m not getting this info in the response.
Can you please elaborate what do you mean by “this is not available on” ?
You mean “” endpoint won’t work even if I’m an admin?
If so - which endpoint should I use?

Hi @ron6325904 ,

You may be the owner of a group or namespace on, but you’re not an administrator on Admin access on is carefully audited and monitored and only a couple of GitLab team members have access to administration tools and settings on This includes accessing that API endpoints as an administrator. Administer GitLab | GitLab

You mean endpoint won’t work even if I’m an admin?

It will work (in that you’ll get a response instead of an error) but it will not return information that is only available to administrators (including whether the user has two_factor enabled).

This is why the documentation on how to check if a single user has two_factor enabled says “For administrators” and it has the “SELF-MANAGED” label next to it.

Thanks Greg.
The documentation specifies that:
“On Gitlab seld-managed, available in all tiers. Not available on Gitlab SaaS.”

Can you please elaborate what does it mean?
This endpoint won’t return MFA info if I’m using Gitlab SaaS?

In addition, Is there a way to check if my user is an administrator (using API)?

If there is no way to verify it via API, can you please point me where i can find it in GUI?

Kind reminder :slight_smile: