summaryrefslogtreecommitdiff
path: root/doc/user/admin_area/settings/sign_up_restrictions.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/user/admin_area/settings/sign_up_restrictions.md')
-rw-r--r--doc/user/admin_area/settings/sign_up_restrictions.md30
1 files changed, 26 insertions, 4 deletions
diff --git a/doc/user/admin_area/settings/sign_up_restrictions.md b/doc/user/admin_area/settings/sign_up_restrictions.md
index 851a984c285..80d5dae4a82 100644
--- a/doc/user/admin_area/settings/sign_up_restrictions.md
+++ b/doc/user/admin_area/settings/sign_up_restrictions.md
@@ -4,20 +4,42 @@ type: reference
# Sign-up restrictions **(CORE ONLY)**
-You can use sign-up restrictions to require user email confirmation, as well as
-to blacklist or whitelist email addresses belonging to specific domains.
+You can use sign-up restrictions to:
->**Note**: These restrictions are only applied during sign-up. An admin is
+- Disable new signups.
+- Require user email confirmation.
+- Blacklist or whitelist email addresses belonging to specific domains.
+
+NOTE: **Note:**
+These restrictions are only applied during sign-up from an external user. An admin is
able to add a user through the admin panel with a disallowed domain. Also
note that the users can change their email addresses after signup to
disallowed domains.
+## Disable new signups
+
+When this setting is enabled, any user visiting your GitLab domain will be able to sign up for an account.
+
+![Disable signups](img/disable_signup_v12_7.png)
+
+You can restrict new users from signing up by themselves for an account in your instance by disabling this setting.
+
+### Recommendations
+
+For customers running public facing GitLab instances, we highly recommend that you
+consider disabling new signups if you do not expect public users to sign up for an
+account.
+
+Alternatively, you could also consider setting up a
+[whitelist](#whitelist-email-domains) or [blacklist](#blacklist-email-domains) on
+email domains to prevent malicious users from creating accounts.
+
## Require email confirmation
You can send confirmation emails during sign-up and require that users confirm
their email address before they are allowed to sign in.
-![Email confirmation](img/email_confirmation.png)
+![Email confirmation](img/email_confirmation_v12_7.png)
## Minimum password length limit
View Lorry Controller Status