Locked user accounts
GitLab locks a user account after the user unsuccessfully attempts to sign in several times.
GitLab.com users
- Tier: Free, Premium, Ultimate
- Offering: GitLab.com
If two-factor authentication (2FA) is enabled, accounts are locked after three failed sign-in attempts. Accounts are unlocked automatically after 30 minutes.
If 2FA is not enabled, user accounts are locked after three failed sign-in attempts within 24 hours. Accounts remain locked until:
- The next successful sign-in, at which point the user must verify their identity with a code sent to their email.
- GitLab Support verifies the identity of the user and manually unlocks the account.
GitLab Self-Managed and GitLab Dedicated users
- Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed, GitLab Dedicated
Version history
- Configurable locked user policy introduced in GitLab 16.5.
By default, user accounts are locked after 10 failed sign-in attempts. Accounts are unlocked automatically after 10 minutes.
In GitLab 16.5 and later, administrators can use the Application settings API to modify the max_login_attempts or failed_login_attempts_unlock_period_in_minutes settings.
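One way to audit and change these two settings through the Application settings API, as an added example that is not GitLab's own code. The environment variable names, the desired values, and an instance served from the root path are assumptions; the token must belong to an administrator.

```ruby
require 'json'
require 'net/http'
require 'uri'

# The two settings named on this page; anything else is rejected.
LOCKOUT_KEYS = %w[max_login_attempts failed_login_attempts_unlock_period_in_minutes].freeze

# Reject unknown keys and non-integer or non-positive values before they reach the API.
def validate_policy(policy)
  policy.to_h do |key, value|
    key = key.to_s
    raise ArgumentError, "unknown setting: #{key}" unless LOCKOUT_KEYS.include?(key)
    raise ArgumentError, "#{key} must be a positive integer" unless value.is_a?(Integer) && value.positive?
    [key, value]
  end
end

# Settings whose live value differs from the desired one: { key => [current, desired] }.
def policy_drift(current, desired)
  validate_policy(desired).reject { |k, v| current[k] == v }.to_h { |k, v| [k, [current[k], v]] }
end

# Build (but do not send) a GET or PUT request for /api/v4/application/settings.
def settings_request(verb, base_url, token, policy = nil)
  req = verb.new(URI.join(base_url, '/api/v4/application/settings'))
  req['PRIVATE-TOKEN'] = token
  if policy
    req['Content-Type'] = 'application/json'
    req.body = JSON.generate(validate_policy(policy))
  end
  req
end

def send_request(req)
  uri = req.uri
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') { |http| http.request(req) }
  raise "GitLab API returned HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)
  JSON.parse(res.body)
end

# Runs only when both environment variables (assumed names) are set.
if ENV['GITLAB_URL'] && ENV['GITLAB_ADMIN_TOKEN']
  url, token = ENV.values_at('GITLAB_URL', 'GITLAB_ADMIN_TOKEN')
  desired = { max_login_attempts: 5, failed_login_attempts_unlock_period_in_minutes: 30 } # constructed values
  drift = policy_drift(send_request(settings_request(Net::HTTP::Get, url, token)), desired)
  drift.each { |key, (was, want)| puts "#{key}: #{was.inspect} -> #{want}" }
  send_request(settings_request(Net::HTTP::Put, url, token, drift.transform_values(&:last))) unless drift.empty?
end
```

The script reads the live settings first and sends a PUT only for values that differ, so it can be rerun as a periodic check without rewriting unchanged settings.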
Administrators can unlock accounts immediately by using the following tasks:
Unlock user accounts from the Admin area
Prerequisites
- You must be an administrator of GitLab Self-Managed.
To unlock an account from the Admin area:
- On the left sidebar, at the bottom, select Admin.
- Select Overview > Users.
- Use the search bar to find the locked user.
- From the User administration dropdown list, select Unlock.
The user can now sign in.
Unlock user accounts from the command line
Prerequisites
- You must be an administrator of GitLab Self-Managed.
To unlock an account from the command line:
- SSH into your GitLab server.
- Start a Ruby on Rails console:

  ```shell
  ## For Omnibus GitLab
  sudo gitlab-rails console -e production

  ## For installations from source
  sudo -u git -H bundle exec rails console -e production
  ```

- Find the user to unlock. You can search by email:

  ```ruby
  user = User.find_by(email: 'admin@local.host')
  ```

  Or you can search by ID:

  ```ruby
  user = User.where(id: 1).first
  ```

- Unlock the user:

  ```ruby
  user.unlock_access!
  ```

- Exit the console with Control+d.
The user can now sign in.