Why GitLab has option to disable sign in? - gitlab

I can't understand why GitLab has an option to disable the user to login on the site, can anyone give me an explanation?

If a user leaves our company we disable the account and delete the ssh key.
It is not unusual that you do not delete the user account if a user leaves the company, but you always disable the accounts.
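The offboarding routine from the answer above (disable the account, delete the SSH key), sketched against GitLab's REST API v4 admin endpoints. This is an added example, not part of the original post; the instance URL, token and user ID 42 are placeholders, and `StubGitLab` is a constructed stand-in so the sequence runs offline.

```python
import json
import urllib.request

def gitlab_call(base_url, token, method, path):
    """Send one admin-authenticated request to the GitLab REST API (v4)."""
    req = urllib.request.Request(
        f"{base_url}/api/v4{path}", method=method,
        headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = resp.read()
    return json.loads(body) if body else None

def offboard(user_id, call):
    """Block the account first, then delete every SSH key registered to it."""
    call("POST", f"/users/{user_id}/block")
    removed = []
    while True:  # re-list until empty so keys past the first page go too
        keys = call("GET", f"/users/{user_id}/keys?per_page=100") or []
        if not keys:
            return removed
        for key in keys:
            call("DELETE", f"/users/{user_id}/keys/{key['id']}")
            removed.append(key["id"])

class StubGitLab:
    """Constructed in-memory stand-in for a GitLab instance (dry runs)."""
    def __init__(self, keys_by_user):
        self.keys, self.blocked, self.log = keys_by_user, set(), []

    def __call__(self, method, path):
        self.log.append((method, path))
        parts = path.split("?")[0].strip("/").split("/")
        uid = int(parts[1])
        if method == "POST" and parts[2] == "block":
            self.blocked.add(uid)
            return True
        if method == "GET":
            return list(self.keys.get(uid, []))
        if method == "DELETE":
            self.keys[uid] = [k for k in self.keys[uid] if k["id"] != int(parts[3])]
        return None

def demo():
    stub = StubGitLab({42: [{"id": 11, "title": "laptop"}, {"id": 12, "title": "ci"}]})
    return offboard(42, stub), stub
```

Against a real instance, pass `lambda m, p: gitlab_call("https://gitlab.example.com", token, m, p)` as `call`, using an administrator's access token.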

Related

Cannot reset the work account's password because "password reset isn't properly set up for your organization."

I'm in a bind with my Azure login account. I've forgotten my password for my account that I use for a client's DevOps. It wasn't until I ended up creating another account today to troubleshoot the problem that I might understand the issue, but still can't fix it.
About a year ago, my client added me as a Guest in their Active Directory. I did not have an active directory myself. I got the notice from Microsoft in an invite email to get started, which created an account to get access to their Azure Portal and DevOps. I've been logged in for a year, but was trying to test a feature which required me to log in to DevOps during the process. I tried what I thought was my password, but that didn't work. No problem, I'll just click on the reset password feature. That ended up informing me that "password reset isn't properly set up for your organization." Knowing who set my account up, I asked them to reset my password. The response was we do not have control to reset your password because you're a guest.
Through several discussions, and seeing what was available to them, and how a Guest was set up, it was suggested to set up an account within Microsoft for the email. I did that, and when I went back to try and log in to their portal, I was presented with two options after I entered my email address. There was a work account and a personal account. Both with the same email address. The work account indicated it was created by "your IT department". Which we did not create this, it was a result of the client adding us as a guest, then finishing the process to gain access. So I can only assume, either an active directory was created for my domain, or I was added to a generic active directory.
In either case, I still can't change the password for the work account, and researching has not helped, as it keeps resetting my personal account.
Does anyone have any suggestions on how to resolve this issue?
Here is what I'm currently seeing.
Thank you,
Marc
You don't have an AAD tenant. So I assume that your account is a Microsoft personal account.
Although you are added as the guest user in your client's tenant, the password management is not handled by that tenant. It is still handled by Microsoft personal account.
You can reset your password here: click on Sign In, enter your account and click on Forgot password?.

Gitlab lab selective sign up

I don't prefer to allow sign up to anyone in private gitlab instance until explicitly invited to projects in gitlab.
Is there any way to allow only those users to sign up to whom you send the invitation?
cheers,
ijaz
You can disable sign up, but you (as admin) would have to sign them up.
I'm not aware of any e-mail invitation system.
Andres
If you use LDAP or OmniAuth, you can block auto created users, and then you'd only need to unblock each user you would like to allow.
(Note: you'd have to configure OmniAuth or LDAP)

Allowing users to change password-based sso password

Using AzureAD, users can log in through https://portal.office.com/myapps to their assigned apps. Some of them use the password-based sso with the option "User manages credentials".
This works fine, the user gets a question for his password and this password is used for SSO. Except when this password changes or is mistyped the first time, then the user can't change his own saved credentials unless two factor authentication is activated for this user.
What is the best way to let the initial password prompt reappear for a user, or give another way to reset the password without activating 2FA?
To answer my own question, there are two portals, the Office 365 version at https://portal.office.com/myapps and the Azure version at https://myapps.microsoft.com. At the second portal, you can click on the three dots and select "update credentials". This can only be done by the users themselves.
Another way, is via the Azure admin portal. There you can assign permissions to an app. We do this normally based on groups. If you assign the permission individually, you can set or change the password, but also empty the fields. This way the user will be re-prompted for their password. After this, you can delete the individual permission, so it's again only group assigned. This can only be done by an admin.

gitlab signup users without email confirmation

I want to set up a gitlab instance for internal use. Since the instance can only be reached over a local network I haven't set up the email setup. Unfortunately gitlab still wants to send new users confirmation emails with a temporary password, but they never receive this email.
Is there a way to configure gitlab so that it doesn't send these confirmation mails? I already tried to set email_enabled: false in gitlab.yml but it didn't work.
Update:
It should work without me having to interfere manually in the signup process.
Admin can confirm user manually!
Login gitlab with admin account and create a new user (Mini), ignore password.
Admin area ---> users ---> edit Mini user ---> set password.
User Mini can login gitlab.
I think GitLab takes security seriously and from what I have seen so far, it looks like either your users need to confirm their accounts or an admin has to confirm manually.

Deny Certain Domain Users TO login as the administrator

We have a little problem. The company I'm working for now has one main admin account. This is a problem as some contractors know the password and then log in using the admin account and not their own.
The problem is that if we do change the password, the account will be logged out as there are about 200 contractors.
I need to restrict those 200 contractors from using the admin account. But everyone not part of the list of 200 should still be able to use the admin account for remote desktopping.
Any help would help a lot.
You NEVER allow ANYONE who is not the admin to use the admin account. What you are going to need to do is create elevated privileged accounts for your contractors that can do what they'll need to do, then tell them to log into those accounts and once every contractor has logged out/in, change the admin password, be polite but firm, you can add permissions to any contractor that needs it but none of them get the admin account anymore. It's just too dangerous for everyone. They are not idiots, they'll understand.
Edit: as for everyone else who needs remote access make accounts for them too, hell if you trust them, you could make sub-admin accounts, but just don't let everyone use the admin account. It WILL end up biting you in the end.
I'm not too sure about local networking, I've only had experience with ssh networking, but have you thought of using private keys? Again I know this works for my purposes, not certain for local.
Here's a good guide to a Linux setup. Don't know about other OS's.
There should also be some sort of disciplinary action to stop people logging into wrong accounts, especially admin ones.
