You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We need to have a full audit log of user activities. This is already the case for "logged in" as well as "failed login" events. But it doesn't specifically register this in the context of backup codes. We should provide event hooks for https://github.com/silverstripe/silverstripe-auditor to pick up (and implement those listeners in the auditlog module)
ACs
MFA activities are logged to a point that it's useful for an auditing perspective
logged in an access restricted, append-only external logging service which is already part of CWP
Notes:
Initial list of MFA actions (may not definitive):
Success login, which method (including recovery codes)
Failed login, which method was attempted (including recovery codes)
Compounding failed attempts
Admin functions, like reseting backup codes, adding or removing registered methods
Skipped registration
This should cater for backend logs and db work. We'll handle any CMS views of this information in separate issue
We need to have a full audit log of user activities. This is already the case for "logged in" as well as "failed login" events. But it doesn't specifically register this in the context of backup codes. We should provide event hooks for https://github.com/silverstripe/silverstripe-auditor to pick up (and implement those listeners in the auditlog module)
ACs
Notes:
Pull requests
The text was updated successfully, but these errors were encountered: