Allow admins to verify its identity by providing an OTP code of its MFA, rather than a password. #34905
Comments
|
Hi @pitbulk. Thank you for your report.
Make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, Add a comment to the issue:
For more details, review the Magento Contributor Assistant documentation. Add a comment to assign the issue: To learn more about issue processing workflow, refer to the Code Contributions.
🕙 You can find the schedule on the Magento Community Calendar page. 📞 The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, join the Community Contributions Triage session to discuss the appropriate ticket. 🎥 You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel ✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel |
Description (*)
In a scenario where admins authenticates at Magento using a SSO feature (SAML, OAuth, OIDC), there is usually no password assigned (authentications happens at the Identity Provider side), so there is no sense to request a password for validate an action on the admin area
Expected behavior (*)
Be able to validate the identity of the admin providing a valid OTP code, rather than the admin password.
Benefits
I have currently several customers of my SAML extension that gonna be really happy with this feature.
Also at Magento Marketplace, where you SSO using Adobe credentials, I'm not sure if exists the same problem and no idea how it is resolved there.
The text was updated successfully, but these errors were encountered: