Sign-up restrictions (CORE ONLY)
You can use sign-up restrictions to require user email confirmation, as well as to blacklist or whitelist email addresses belonging to specific domains.
Note: These restrictions are only applied during sign-up. An admin is able to add a user through the admin panel with a disallowed domain. Also note that the users can change their email addresses after signup to disallowed domains.
Require email confirmation
You can send confirmation emails during sign-up and require that users confirm their email address before they are allowed to sign in.
Minimum password length limit
Introduced in GitLab 12.6
You can change the minimum number of characters a user must have in their password using the GitLab UI.
Whitelist email domains
Introduced in GitLab 7.11.0
You can restrict users to only sign up using email addresses matching the given domains list.
Blacklist email domains
Introduced in GitLab 8.10.
With this feature enabled, you can block email addresses of a specific domain from creating an account on your GitLab server. This is particularly useful to prevent malicious users from creating spam accounts with disposable email addresses.
Settings
To access this feature:
- Navigate to the Settings > General in the Admin area.
- Expand the Sign-up restrictions section.
For the blacklist, you can enter the list manually or upload a .txt
file that
contains list entries.
For the whitelist, you must enter the list manually.
Both the whitelist and blacklist accept wildcards. For example, you can use
*.company.com
to accept every company.com
subdomain, or *.io
to block all
domains ending in .io
. Domains should be separated by a whitespace,
semicolon, comma, or a new line.