Locked users
- Tier: Free, Premium, Ultimate
- Offering: Self-managed, GitLab Dedicated
Self-managed users
By default, users are locked after 10 failed sign-in attempts. These users remain locked:
- For 10 minutes, after which time they are automatically unlocked.
- Until an administrator unlocks them from the Admin area or the command line in under 10 minutes.
In GitLab 16.5 and later, administrators can use the API to configure:
- The number of failed sign-in attempts that locks a user (
max_login_attempts
). - The time period in minutes that the locked user is locked for, after the maximum number of failed sign-in attempts is reached (
failed_login_attempts_unlock_period_in_minutes
).
For example, an administrator can configure that five failed sign-in attempts locks a user, and that user will be locked for 60 minutes, with the following API call:
curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/application/settings?max_login_attempts=5&failed_login_attempts_unlock_period_in_minutes=60"
GitLab.com users
If 2FA is not enabled users are locked after three failed sign-in attempts within 24 hours. These users remain locked until:
- Their next successful sign-in, at which point they are sent an email with a six-digit unlock code and redirected to a verification page where they can unlock their account by entering the code.
- GitLab Support manually unlock the account after account ownership is verified.
If 2FA is enabled, users are locked after three failed sign-in attempts. Accounts are unlocked automatically after 30 minutes.
Unlock a user from the Admin area
- On the left sidebar, at the bottom, select Admin.
- Select Overview > Users.
- Use the search bar to find the locked user.
- From the User administration dropdown list, select Unlock.
Unlock a user from the command line
To unlock a locked user:
-
SSH into your GitLab server.
-
Start a Ruby on Rails console:
## For Omnibus GitLab sudo gitlab-rails console -e production ## For installations from source sudo -u git -H bundle exec rails console -e production
-
Find the user to unlock. You can search by email:
user = User.find_by(email: 'admin@local.host')
Or you can search by ID:
user = User.where(id: 1).first
-
Unlock the user:
user.unlock_access!
-
Exit the console with Control+d.
The user should now be able to sign in.
Docs
Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.
Product
Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Feature availability and product trials
View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.
Get help
If you didn't find what you were looking for, search the docs.
If you want help with something specific and could use community support, post on the GitLab forum.
For problems setting up or using this feature (depending on your GitLab subscription).
Request support