Drata can automatically map MFA data from GitLab to your users in Drata in the following ways.
GitLab.com
Option 1:
MFA status can be enforced at the group level in GitLab. It can also be enforced at the subgroup level if the "Subgroups can set up their own two-factor authentication rules" option is selected.
Select a group or subgroup from your dashboard.
Then, navigate to your group's settings in the sidebar, scroll to and expand the "Permissions and group features" section.
Select the "All users in this group must set up two-factor authentication" and "Subgroups can set up their own two-factor authentication rules" options.
For more information, reference the GitLab article for more details.
GitLab Self-managed
Option 2:
Drata can verify each user's MFA enablement settings through an API. To enable this APIs, the initial connection must be made by a user with an administrator role.
Option 3:
Drata can lookup the system level setting "Enforce two-factor authentication" to determine MFA for every user. Though in order for Drata to have access to these APIs, a user with an administrator role must have made the initial connection.
Select the Admin button on the bottom left corner of the system, and then select the general settings.
Navigate to and expand the "Sign-in restrictions" section. Then, select the "Enforce two-factor authentication" option.
