GitLab.com users
Self-managed users
- Unlock user accounts from the Admin area
- Unlock user accounts from the command line

Locked user accounts

GitLab locks a user account after the user unsuccessfully attempts to sign in several times.

GitLab.com users

Tier: Free, Premium, Ultimate Offering: GitLab.com

If two-factor authentication (2FA) is enabled, accounts are locked after three failed sign-in attempts. Accounts are unlocked automatically after 30 minutes.

If 2FA is not enabled user accounts are locked after three failed sign-in attempts within 24 hours. Accounts remain locked until:

The next successful sign-in, at which point the user must verify their identity with a code sent to their email.
GitLab Support verifies the identity of the user and manually unlocks the account.

Self-managed users

Tier: Free, Premium, Ultimate Offering: Self-managed, GitLab Dedicated

History

Configurable locked user policy introduced in GitLab 16.5.

By default, user accounts are locked after 10 failed sign-in attempts. Accounts are unlocked automatically after 10 minutes.

In GitLab 16.5 and later, administrators can use the Application settings API to modify the max_login_attempts or failed_login_attempts_unlock_period_in_minutes settings.

Administrators can unlock accounts immediately by using the following tasks:

Unlock user accounts from the Admin area

Prerequisites

You must be an administrator of a self-managed GitLab instance.

To unlock an account from the Admin area:

On the left sidebar, at the bottom, select Admin.
Select Overview > Users.
Use the search bar to find the locked user.
From the User administration dropdown list, select Unlock.

The user can now sign in.

Unlock user accounts from the command line

Prerequisites

You must be an administrator of a self-managed GitLab instance.

To unlock an account from the command line:

SSH into your GitLab server.

Start a Ruby on Rails console:

## For Omnibus GitLab
sudo gitlab-rails console -e production

## For installations from source
sudo -u git -H bundle exec rails console -e production

Find the user to unlock. You can search by email:

user = User.find_by(email: 'admin@local.host')

Or you can search by ID:

user = User.where(id: 1).first

Unlock the user:
```
user.unlock_access!
```
Exit the console with Control+d.

The user can now sign in.

Help & feedback

Docs

Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.

Product

Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Join First Look to help shape new features.

Feature availability and product trials

View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.

Get Help

If you didn't find what you were looking for, search the docs.

If you want help with something specific and could use community support, post on the GitLab forum.

For problems setting up or using this feature (depending on your GitLab subscription).

Request support