Improve how the decision to trigger user enrollment during automated provisioning is made

- at the moment in automated scenarios (deep link or initial provisioning) we make the decision about whether to trigger the enrollment process based on the value of `enrolled` property of the User object that comes in a response from core
- users synced from AD/LDAP are marked as enrolled after being synced, even if they haven't yet logged into Defguard and configured any MFA methods
- we need to figure out a better way to check if we have to proceed with enrollment for users synced from AD

The solution as discussed:
- [x] Add a flag to `User` object
- [x] Set the flag when admin uses `start_enrollment` endpoint to generate a token for the user
- [x] Take the flag into account when calculating the `User::enolled` property
- [x] Unset the flag once the user finishes the enrollment process

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Improve how the decision to trigger user enrollment during automated provisioning is made #647

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Improve how the decision to trigger user enrollment during automated provisioning is made #647

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions