diff --git a/CHANGELOG b/CHANGELOG
index 60ee11b5f6e6a207cb0b35fbeb33c96dc534b59a..0c20479c8b1590dab1bc31b697dee31c02255e0d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date.
 
 v 7.13.0 (unreleased)
   - Fix Merge Request webhook to properly fire "merge" action when accepted from the web UI
+  - Add `two_factor_enabled` field to admin user API (Stan Hu)
   - Fix invalid timestamps in RSS feeds (Rowan Wookey)
   - Fix error when deleting a user who has projects (Stan Hu)
   - Fix downloading of patches on public merge requests when user logged out (Stan Hu)
diff --git a/doc/api/users.md b/doc/api/users.md
index cd141daadc8f3ec30f9090043c03e72a3a881d33..8b04282f16019149a15b6c8ac20bb3429fcbb951 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -58,7 +58,8 @@ GET /users
     "is_admin": false,
     "avatar_url": "http://localhost:3000/uploads/user/avatar/1/cd8.jpeg",
     "can_create_group": true,
-    "current_sign_in_at": "2014-03-19T13:12:15Z"
+    "current_sign_in_at": "2014-03-19T13:12:15Z",
+    "two_factor_enabled": true
   },
   {
     "id": 2,
@@ -81,7 +82,8 @@ GET /users
     "can_create_group": true,
     "can_create_project": true,
     "projects_limit": 100,
-    "current_sign_in_at": "2014-03-19T17:54:13Z"
+    "current_sign_in_at": "2014-03-19T17:54:13Z",
+    "two_factor_enabled": false
   }
 ]
 ```
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index b23eff3661caa31042f5ec7d10355c4b229ce3a2..14a8f929d76ac125c99782863e4d7d612767cc50 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -24,6 +24,7 @@ module API
       expose :identities, using: Entities::Identity
       expose :can_create_group?, as: :can_create_group
       expose :can_create_project?, as: :can_create_project
+      expose :two_factor_enabled
     end
 
     class UserLogin < UserFull
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index c10998e171fa441b3e75a0e36b71f82c3360d8a8..1a29058f3f194cbea20ae1c15e00027213661689 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -35,6 +35,7 @@ describe API::API, api: true  do
         expect(json_response.first.keys).to include 'email'
         expect(json_response.first.keys).to include 'identities'
         expect(json_response.first.keys).to include 'can_create_project'
+        expect(json_response.first.keys).to include 'two_factor_enabled'
       end
     end
   end