-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Portal] Authentication Settings re-organization #1715
Comments
@louischan-oursky When I am working on this, we will be facing the same empty slice problem in #1705. When the developer disables the toggle in the password page, there is a chance that we need to save empty slice to the primary authenticators list. I tried to change the lists to the slice pointer, so that we could save empty slice. see carmenlau@f2d7835. Do you think it is feasible? |
Also for the new password page, there are some settings for primary authenticator only, but some are for both primary and secondary authenticators. Primary authenticator only
Primary and secondary authenticators
So we cannot grey out all the sections when the first toggle is off. Here are some options:
Thoughts? @fungc-io @louischan-oursky |
Should be ok. See https://go.dev/play/p/Vacj3ygZ7ga
What about we never grey out anything? The developer rarely needs to concern about whether the option applies to primary or applies to both. It is because in real world usage, password and secondary password should not be used together at all. |
Ideally these options (Force Password Change, Password Policies) should be separated for Password and MFA (Additional Password) But since we want to postpone it and do it only when needed, what about we repeat both section in Password Tab and MFA tab, but add a description block under the title say "These settings applies to Additional Password too." Not ideal, but seems a compromise... @carmenlau |
I agree with that. Imagine a dev is using passwordless + secondary password, and they want to change the policy. The "Password" page seems the reasonable place to go to. When they see the policy settings, likely that they will understand the settings do apply to secondary passwords. Let's change the layout of the page to the following: Password
|
The decision after today's meeting: Password
Password Policy
* Added a link to Password Policy at the end of the Password page |
This issue is put on hold due to the discussion and decision mentioned in #1705 (comment) |
When fixing the bug #1705 , we discovered that there were never a proper way to disable the use of MFA in our portal.
The current design do not allow adding such toggle in a logical manner. This presents a good opportunity for us to improve the IA of the whole "Authentication" section.
The new Navigation will be:
Biometric AuthenticationSingle Sign-OnPassword PolicyAdvanced > Password Reset CodePage content
Password
Passwordless
MFA
Notes
In the Password page and MFA page, the first toggle will grey out the settings below. I.e. turning the features off will not make the configs below disappear.
The text was updated successfully, but these errors were encountered: