author: GitLab Bot <gitlab-bot@gitlab.com> 2020-08-20 18:42:06 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-08-20 18:42:06 +0000
commit: 6e4e1050d9dba2b7b2523fdd1768823ab85feef4 (patch)
tree: 78be5963ec075d80116a932011d695dd33910b4e /doc/security
parent: 1ce776de4ae122aba3f349c02c17cebeaa8ecf07 (diff)
download: gitlab-ce-6e4e1050d9dba2b7b2523fdd1768823ab85feef4.tar.gz
Add latest changes from gitlab-org/gitlab@13-3-stable-ee
Diffstat (limited to 'doc/security')
-rw-r--r-- doc/security/README.md | 1
-rw-r--r-- doc/security/cicd_environment_variables.md | 4
-rw-r--r-- doc/security/passwords_for_integrated_authentication_methods.md | 14
-rw-r--r-- doc/security/ssh_keys_restrictions.md | 3
-rw-r--r-- doc/security/two_factor_authentication.md | 8
-rw-r--r-- doc/security/user_email_confirmation.md | 3
-rw-r--r-- doc/security/user_file_uploads.md | 5
-rw-r--r-- doc/security/webhooks.md | 2
8 files changed, 35 insertions, 5 deletions
diff --git a/doc/security/README.md b/doc/security/README.md
index e2375c0f0b5..bbc7db54b14 100644
--- a/doc/security/README.md
+++ b/doc/security/README.md
@@ -7,6 +7,7 @@ type: index
- [Password storage](password_storage.md)
- [Password length limits](password_length_limits.md)
+- [Generated passwords for users created through integrated authentication](passwords_for_integrated_authentication_methods.md)
- [Restrict SSH key technologies and minimum length](ssh_keys_restrictions.md)
- [Rate limits](rate_limits.md)
- [Webhooks and insecure internal web services](webhooks.md)
diff --git a/doc/security/cicd_environment_variables.md b/doc/security/cicd_environment_variables.md
index ea597ea05f2..b8fe14e2d3b 100644
--- a/doc/security/cicd_environment_variables.md
+++ b/doc/security/cicd_environment_variables.md
@@ -1,5 +1,7 @@
---
-type: reference
+stage: Release
+group: Release Management
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
# CI/CD Environment Variables
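Review bot: this hunk drops the existing `type: reference` front-matter key while adding `stage`, `group` and `info`, whereas every other file in this commit keeps its `type:` line next to the new keys (see the `ssh_keys_restrictions.md`, `two_factor_authentication.md` and `user_file_uploads.md` hunks). If the removal is unintended, restore `type: reference` above `stage: Release` so the page keeps its classification.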
diff --git a/doc/security/passwords_for_integrated_authentication_methods.md b/doc/security/passwords_for_integrated_authentication_methods.md
new file mode 100644
index 00000000000..704af49b2d2
--- /dev/null
+++ b/doc/security/passwords_for_integrated_authentication_methods.md
@@ -0,0 +1,14 @@
+---
+type: reference
+---
+
+# Generated passwords for users created through integrated authentication
+
+GitLab allows users to set up accounts through integration with external [authentication and authorization providers](../administration/auth/README.md).
+
+These authentication methods do not require the user to explicitly create a password for their accounts.
+However, to maintain data consistency, GitLab requires passwords for all user accounts.
+
+For such accounts, we use the [`friendly_token`](https://github.com/heartcombo/devise/blob/f26e05c20079c9acded3c0ee16da0df435a28997/lib/devise.rb#L492) method provided by the Devise gem to generate a random, unique and secure password and sets it as the account password during sign up.
+
+The length of the generated password is the set based on the value of [maximum password length](password_length_limits.md#modify-maximum-password-length-using-configuration-file) as set in the Devise configuation. The default value is 128 characters.
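Review bot: the new page has three wording errors that should be fixed before merge. In the `friendly_token` paragraph, "generate a random, unique and secure password and sets it" should read "generate a random, unique and secure password and set it" so both verbs hang off "to"; in the last paragraph, "is the set based on" should be "is set based on" and "configuation" should be "configuration". It would also help readers to say what "data consistency" means concretely here (that the user model requires a password to be present), since as written the motivation is vague.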
diff --git a/doc/security/ssh_keys_restrictions.md b/doc/security/ssh_keys_restrictions.md
index 47eccf665d3..903a28136ad 100644
--- a/doc/security/ssh_keys_restrictions.md
+++ b/doc/security/ssh_keys_restrictions.md
@@ -1,5 +1,8 @@
---
type: reference, howto
+stage: Manage
+group: Access
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
# Restrict allowed SSH key technologies and minimum length
diff --git a/doc/security/two_factor_authentication.md b/doc/security/two_factor_authentication.md
index 886154aac6d..9d49e1d3af2 100644
--- a/doc/security/two_factor_authentication.md
+++ b/doc/security/two_factor_authentication.md
@@ -1,5 +1,8 @@
---
type: howto
+stage: Manage
+group: Access
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
# Enforce Two-factor Authentication (2FA)
@@ -36,8 +39,9 @@ period to `0`.
If you want to enforce 2FA only for certain groups, you can:
-1. Enable it in the group's **Settings > General** page.
-1. Optionally specify a grace period as above.
+1. Enable it in the group's **Settings > General** page. Navigate to **Permissions, LFS, 2FA > Two-factor authentication**.
+You can then check the **Require all users in this group to setup Two-factor authentication** option.
+1. You can also specify a grace period in the **Time before enforced** option.
To change this setting, you need to be administrator or owner of the group.
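Review bot: the continuation line "You can then check the **Require all users in this group to setup Two-factor authentication** option." is not indented under step 1, so Markdown will render it as a separate paragraph that terminates the ordered list, and the following "1. You can also specify a grace period" item will render as a new list starting at 1. Indent the continuation line to align with the step text (three spaces), or fold it into the first step's sentence. If the UI label is not being quoted verbatim, "setup" should also be "set up".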
diff --git a/doc/security/user_email_confirmation.md b/doc/security/user_email_confirmation.md
index a493b374d66..6260c76bff9 100644
--- a/doc/security/user_email_confirmation.md
+++ b/doc/security/user_email_confirmation.md
@@ -1,5 +1,8 @@
---
type: howto
+stage: Manage
+group: Access
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
# User email confirmation at sign-up
diff --git a/doc/security/user_file_uploads.md b/doc/security/user_file_uploads.md
index 9fc8f7ec985..662e115d1ed 100644
--- a/doc/security/user_file_uploads.md
+++ b/doc/security/user_file_uploads.md
@@ -1,5 +1,8 @@
---
type: reference
+stage: Manage
+group: Access
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
# User File Uploads
@@ -15,7 +18,7 @@ notification emails, which are often read from email clients that are not
authenticated with GitLab, such as Outlook, Apple Mail, or the Mail app on your
mobile device.
->**Note:**
+NOTE: **Note:**
Non-image attachments do require authentication to be viewed.
<!-- ## Troubleshooting
diff --git a/doc/security/webhooks.md b/doc/security/webhooks.md
index af9be499e80..3d7aa3026ab 100644
--- a/doc/security/webhooks.md
+++ b/doc/security/webhooks.md
@@ -5,7 +5,7 @@ type: concepts, reference, howto
# Webhooks and insecure internal web services
NOTE: **Note:**
-On GitLab.com the [maximum number of webhooks](../user/gitlab_com/index.md#maximum-number-of-webhooks) per project is limited.
+On GitLab.com, the [maximum number of webhooks and their size](../user/gitlab_com/index.md#webhooks) per project, and per group, is limited.
If you have non-GitLab web services running on your GitLab server or within its
local network, these may be vulnerable to exploitation via Webhooks.
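Review bot: the rewritten note reads awkwardly with the commas around "and per group"; "the maximum number of webhooks and their size per project and per group is limited" is clearer. The link target also changes from `#maximum-number-of-webhooks` to `#webhooks` in `../user/gitlab_com/index.md`, which is outside the `doc/security` view shown here, so please confirm that anchor exists in the target page as of this commit so the link does not go dead.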