Diffstat (limited to 'doc/user/admin_area/settings/sign_up_restrictions.md')
-rw-r--r-- | doc/user/admin_area/settings/sign_up_restrictions.md | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/doc/user/admin_area/settings/sign_up_restrictions.md b/doc/user/admin_area/settings/sign_up_restrictions.md index 851a984c285..80d5dae4a82 100644 --- a/doc/user/admin_area/settings/sign_up_restrictions.md +++ b/doc/user/admin_area/settings/sign_up_restrictions.md 
@@ -4,20 +4,42 @@ type: reference # Sign-up restrictions **(CORE ONLY)** -You can use sign-up restrictions to require user email confirmation, as well as -to blacklist or whitelist email addresses belonging to specific domains. +You can use sign-up restrictions to: ->**Note**: These restrictions are only applied during sign-up. An admin is +- Disable new signups. +- Require user email confirmation. +- Blacklist or whitelist email addresses belonging to specific domains. + +NOTE: **Note:** +These restrictions are only applied during sign-up from an external user. An admin is able to add a user through the admin panel with a disallowed domain. Also note that the users can change their email addresses after signup to disallowed domains. +## Disable new signups + +When this setting is enabled, any user visiting your GitLab domain will be able to sign up for an account. + +![Disable signups](img/disable_signup_v12_7.png) + +You can restrict new users from signing up by themselves for an account in your instance by disabling this setting. + +### Recommendations + +For customers running public facing GitLab instances, we highly recommend that you +consider disabling new signups if you do not expect public users to sign up for an +account. + +Alternatively, you could also consider setting up a +[whitelist](#whitelist-email-domains) or [blacklist](#blacklist-email-domains) on +email domains to prevent malicious users from creating accounts. + ## Require email confirmation You can send confirmation emails during sign-up and require that users confirm their email address before they are allowed to sign in. -![Email confirmation](img/email_confirmation.png) +![Email confirmation](img/email_confirmation_v12_7.png) ## Minimum password length limit |
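Review bot: In the new "Disable new signups" section, the opening sentence ("When this setting is enabled, any user visiting your GitLab domain will be able to sign up for an account.") describes a setting that allows sign-ups, under a heading that says the opposite, and it never names the setting. Suggest naming the checkbox as it appears in the admin UI and stating both states explicitly, so a reader knows which state closes self-registration. Under "Recommendations", the whitelist/blacklist alternative is presented as a way "to prevent malicious users from creating accounts", but the NOTE earlier in this same hunk says the restrictions apply only during sign-up and that users can change their email addresses to disallowed domains afterwards. The recommendation should point back to that caveat so domain lists are not read as equivalent to disabling sign-up. Minor: "sign-up from an external user" reads better as "sign-up by an external user", and the added text mixes "signups", "signup" and "sign-up".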