diff --git a/doc/README.md b/doc/README.md index 53a12d2a455884d7aa7aec6af0e63fc61cabc528..cf7a828d91e0b30f9edb90e0845cfff14560572a 100644 --- a/doc/README.md +++ b/doc/README.md @@ -21,6 +21,7 @@ ## Administrator documentation +- [Access restrictions](administration/access_restrictions.md) Define which Git access protocols can be used to talk to GitLab - [Authentication/Authorization](administration/auth/README.md) Configure external authentication with LDAP, SAML, CAS and additional Omniauth providers. - [Custom Git hooks](administration/custom_hooks.md) Custom Git hooks (on the filesystem) for when webhooks aren't enough. diff --git a/doc/administration/access_restrictions.md b/doc/administration/access_restrictions.md new file mode 100644 index 0000000000000000000000000000000000000000..d3a58b8c14467a752d22a9c54439a589bf62d576 --- /dev/null +++ b/doc/administration/access_restrictions.md 
@@ -0,0 +1,38 @@ +# Access Restrictions + +> **Note:** This feature is only available on versions 8.10 and above. + +With GitLab's Access restrictions you can choose which Git access protocols you +want your users to use to communicate with GitLab. This feature can be enabled +via the `Application Settings` in the Admin interface. + +The setting is called `Enabled Git access protocols`, and it gives you the option +to choose between: + +- Both SSH and HTTP(S) +- Only SSH +- Only HTTP(s) + + + +## Enabled Protocol + +When both SSH and HTTP(S) are enabled, GitLab will behave as usual, it will give +your users the option to choose which protocol they would like to use. + +When you choose to allow only one of the protocols, a couple of things will happen: + +- The project page will only show the allowed protocol's URL, with no option to + change it. +- A tooltip will be shown when you hover over the URL's protocol, if an action + on the user's part is required, e.g. adding an SSH key, or setting a password. + + + +On top of these UI restrictions, GitLab will deny all Git actions on the protocol +not selected. + +> **Note:** Please keep in mind that disabling an access protocol does not actually + block access to the server itself. The ports used for the protocol, be it SSH or + HTTP, will still be accessible. What GitLab does is restrict access on the + application level. \ No newline at end of file diff --git a/doc/administration/img/access_restrictions.png b/doc/administration/img/access_restrictions.png new file mode 100644 index 0000000000000000000000000000000000000000..66fd9491e854f7cb4a8ac51f931e9b96575d4e14 Binary files /dev/null and b/doc/administration/img/access_restrictions.png differ 
diff --git a/doc/administration/img/restricted_url.png b/doc/administration/img/restricted_url.png new file mode 100644 index 0000000000000000000000000000000000000000..0a677433dcf097c5b026415a09b8951dd7bcc431 Binary files /dev/null and b/doc/administration/img/restricted_url.png differ
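Review bot: In the doc/README.md hunk, the added "Access restrictions" entry ends its description without a full stop ("...can be used to talk to GitLab"), while the two neighbouring entries visible in the context both end with one. Add the trailing period so the list stays consistent. The title is also written "Access restrictions" here but "# Access Restrictions" in the new page's heading, so pick one capitalisation for both.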
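Review bot: In doc/administration/access_restrictions.md, the sentence "GitLab will deny all Git actions on the protocol not selected" and the closing note leave an administrator without the two things they need to act on this setting: what a client sees when it is denied, and what to do if the port itself must be closed. The note correctly says the restriction is application-level only and that the SSH and HTTP ports stay reachable, so it should add that blocking at the network level has to be done outside GitLab. It would also help to state whether the denial applies to every kind of Git access or only to regular users, since the text does not say. Smaller points in the same hunk: the option list writes "Only HTTP(s)" while every other occurrence is "HTTP(S)"; "GitLab will behave as usual, it will give your users the option" is a comma splice and reads better as two sentences; the continuation lines of the final note are indented rather than prefixed with ">", unlike the single-line note at the top; and the file ends without a trailing newline.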