Identity verification

Introduced in GitLab 15.4 with a flag named identity_verification. Disabled by default.

On self-managed GitLab, by default this feature is not available. This feature is not ready for production use.

Identity verification provides multiple layers of GitLab account security. Depending on your risk score, you might be required to perform up to three stages of verification to register an account:

  • All users - Email verification.
  • Medium-risk users - Phone number verification.
  • High-risk users - Credit card verification.

Users created after signing in with SAML SSO for GitLab.com groups are exempt from identity verification.

Email verification

To register an account, you must provide a valid email address. See Account email verification.

Phone number verification

In addition to email verification, you might have to provide a valid phone number and verify a one-time code.

You cannot verify an account with a phone number associated with a banned user.

Credit card verification

In addition to email and phone number verification, you might have to provide a valid credit card number.

You cannot verify an account with a credit card number associated with a banned user.