Option to enforce 2FA on specific users and/or Authentication Providers #28
…cular Authentication Providers
I love the new options of this PR. But I would prefer setting a role that is required to set a second factor instead of being required to update the code for every new user. This could even be an abstract role already provided by this package/pr IMO.
Thank you for this PR 🙂 I second the opinion of @Benjamin-K.
JamesAlias
left a comment
Some small change requests and ideas.
…rcment conditions
I have fixed a regression where I could delete the last second factor of an account even though it was enforced by role/authProvider for this account. I also added a SecondFactorService to centralize the logic and make it more readable on the consuming side.
@JamesAlias Thanks for having a look at this again and cleaning the code up a bit. A (new) question raised for me, when reading your last comment: As an administrator I'm not able to remove the last second factor of an account at the moment, if that user is forced to have a second factor, right?
Good idea. Please do 🙂
Added here: #30
We use the OpenIDConnect extension where 2FA is enforced, but we also use the default Username-Password-Provider as a fallback and for all external users, with which we collaborate and which are not in our AD.
For the latter group we would like to enforce this plugin. Hence, we extended the options to enforce 2FA for not only all users but also for specific users/authentication providers.
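The enforcement rules discussed in this thread (all users, specific roles, specific authentication providers) together with the guard against deleting the last second factor of an enforced account, as an added Python example. It is not the package's own code; every class, function, role and provider name in it is an assumption made for illustration, and an administrator override is not modelled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class EnforcementPolicy:
    """Hypothetical settings object; field names are assumptions, not the package's keys."""
    enforce_for_all: bool = False
    enforced_roles: frozenset = frozenset()
    enforced_providers: frozenset = frozenset()

@dataclass
class Account:
    identifier: str
    provider: str
    roles: set
    second_factors: list = field(default_factory=list)

def is_enforced(policy, account):
    """2FA is required if any rule matches: everyone, the account's provider, or one of its roles."""
    return (policy.enforce_for_all
            or account.provider in policy.enforced_providers
            or bool(policy.enforced_roles & account.roles))

def must_set_up_second_factor(policy, account):
    """After login, an enforced account without any factor has to enrol one first."""
    return is_enforced(policy, account) and not account.second_factors

def can_delete_second_factor(policy, account, factor_id):
    """Refuse to delete the last remaining factor while enforcement applies to the account."""
    if factor_id not in account.second_factors:
        return False
    remaining = len(account.second_factors) - 1
    return remaining > 0 or not is_enforced(policy, account)

# Constructed sample data: the password provider is enforced here, the OIDC
# provider is not (its identity provider already requires 2FA upstream).
POLICY = EnforcementPolicy(
    enforced_roles=frozenset({"Example:SecondFactorRequired"}),
    enforced_providers=frozenset({"UsernamePassword"}),
)
EXTERNAL = Account("partner", "UsernamePassword", {"Example:Editor"}, ["totp-1"])
EXTERNAL_NEW = Account("partner2", "UsernamePassword", {"Example:Editor"})
INTERNAL = Account("staff", "OpenIDConnect", {"Example:Editor"}, ["totp-1"])
INTERNAL_ROLE = Account("lead", "OpenIDConnect", {"Example:SecondFactorRequired"}, ["totp-1", "totp-2"])
```
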