2019-09-04 21:01:54 +05:30
|
|
|
---
|
|
|
|
type: reference
|
|
|
|
---
|
|
|
|
|
2019-12-04 20:38:33 +05:30
|
|
|
# Sign-up restrictions **(CORE ONLY)**
|
2016-08-24 12:49:21 +05:30
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
You can use sign-up restrictions to require user email confirmation, as well as
|
|
|
|
to blacklist or whitelist email addresses belonging to specific domains.
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
>**Note**: These restrictions are only applied during sign-up. An admin is
|
2019-02-15 15:39:39 +05:30
|
|
|
able to add a user through the admin panel with a disallowed domain. Also
|
2017-08-17 22:00:37 +05:30
|
|
|
note that the users can change their email addresses after signup to
|
|
|
|
disallowed domains.
|
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
## Require email confirmation
|
|
|
|
|
|
|
|
You can send confirmation emails during sign-up and require that users confirm
|
|
|
|
their email address before they are allowed to sign in.
|
|
|
|
|
|
|
|
![Email confirmation](img/email_confirmation.png)
|
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
## Whitelist email domains
|
|
|
|
|
|
|
|
> [Introduced][ce-598] in GitLab 7.11.0
|
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
You can restrict users to only sign up using email addresses matching the given
|
2017-08-17 22:00:37 +05:30
|
|
|
domains list.
|
|
|
|
|
2016-08-24 12:49:21 +05:30
|
|
|
## Blacklist email domains
|
|
|
|
|
|
|
|
> [Introduced][ce-5259] in GitLab 8.10.
|
|
|
|
|
|
|
|
With this feature enabled, you can block email addresses of a specific domain
|
2019-10-12 21:52:04 +05:30
|
|
|
from creating an account on your GitLab server. This is particularly useful
|
|
|
|
to prevent malicious users from creating spam accounts with disposable email
|
|
|
|
addresses.
|
2016-08-24 12:49:21 +05:30
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
## Settings
|
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
To access this feature:
|
2016-08-24 12:49:21 +05:30
|
|
|
|
2019-09-30 21:07:59 +05:30
|
|
|
1. Navigate to the **Settings > General** in the Admin area.
|
|
|
|
1. Expand the **Sign-up restrictions** section.
|
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
For the blacklist, you can enter the list manually or upload a `.txt` file that
|
|
|
|
contains list entries.
|
2019-09-30 21:07:59 +05:30
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
For the whitelist, you must enter the list manually.
|
2019-09-30 21:07:59 +05:30
|
|
|
|
|
|
|
Both the whitelist and blacklist accept wildcards. For example, you can use
|
2017-08-17 22:00:37 +05:30
|
|
|
`*.company.com` to accept every `company.com` subdomain, or `*.io` to block all
|
|
|
|
domains ending in `.io`. Domains should be separated by a whitespace,
|
|
|
|
semicolon, comma, or a new line.
|
2016-08-24 12:49:21 +05:30
|
|
|
|
|
|
|
![Domain Blacklist](img/domain_blacklist.png)
|
|
|
|
|
2019-09-04 21:01:54 +05:30
|
|
|
<!-- ## Troubleshooting
|
|
|
|
|
|
|
|
Include any troubleshooting steps that you can foresee. If you know beforehand what issues
|
|
|
|
one might have when setting this up, or when something is changed, or on upgrading, it's
|
|
|
|
important to describe those, too. Think of things that may go wrong and include them here.
|
|
|
|
This is important to minimize requests for support, and to avoid doc comments with
|
|
|
|
questions that you know someone might ask.
|
|
|
|
|
|
|
|
Each scenario can be a third-level heading, e.g. `### Getting error message X`.
|
|
|
|
If you have none to add when creating a doc, leave this section in place
|
|
|
|
but commented out to help encourage others to add to it in the future. -->
|
|
|
|
|
2019-12-04 20:38:33 +05:30
|
|
|
[ce-5259]: https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/5259
|
|
|
|
[ce-598]: https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/598
|