| stage | Govern |
|---|---|
| group | Authentication and Authorization |
| info | To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments |
| type | howto |
Users are locked after ten failed sign-in attempts. These users remain locked:
- For 10 minutes, after which time they are automatically unlocked.
- Until an administrator unlocks them from the Admin Area or the command line in under 10 minutes.
If 2FA is not enabled users are locked after three failed sign-in attempts within 24 hours. These users remain locked until:
- Their next successful sign-in, at which point they are sent an email with a six-digit unlock code and redirected to a verification page where they can unlock their account by entering the code.
- GitLab Support manually unlock the account after account ownership is verified.
If 2FA is enabled, users are locked after five failed sign-in attempts within 10 minutes. Accounts are unlocked automatically after 10 minutes.
- On the left sidebar, select Search or go to.
- Select Admin Area.
- On the left sidebar, select Overview > Users.
- Use the search bar to find the locked user.
- From the User administration dropdown list, select Unlock.
To unlock a locked user:
-
SSH into your GitLab server.
-
Start a Ruby on Rails console:
## For Omnibus GitLab sudo gitlab-rails console -e production ## For installations from source sudo -u git -H bundle exec rails console -e production
-
Find the user to unlock. You can search by email:
user = User.find_by(email: 'admin@local.host')
Or you can search by ID:
user = User.where(id: 1).first
-
Unlock the user:
user.unlock_access!
-
Exit the console with Control+d.
The user should now be able to sign in.