Step-up auth: Mark active session as step-up authenticated
Problem/Motivation
GitLab's active sessions page shows when a session has admin mode enabled, but it does not indicate when a session is step-up authenticated. This creates a gap in transparency and security management.
Without clear visibility into which sessions have completed step-up authentication, users cannot:
- Identify sessions with elevated security privileges
- Understand the security state of their login sessions
- Make informed decisions about session management
Proposal
Enhance the active sessions page to indicate when a session has been step-up authenticated.
Consider the following aspects:
- Adding a step-up authentication status indicator to active sessions
- Clearing the step-up authentication state when admin mode is disabled
Edited by Gerardo Navarro