Enforcement of two-factor authentication #455
cedricbonhomme
started this conversation in
Ideas
Replies: 2 comments 1 reply
-
|
To discuss for other solutions. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
|
Beta Was this translation helpful? Give feedback.
1 reply
-
|
When a user try to connect to a MONARC instance with 2FA enforced and the account of the user is not yet configured for 2FA. The usual login screen is automatically replaced by a new form which will let the user set 2FA, and then authenticate. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Enforcing two factor authentication [1, 2] method for a MONARC client instance.
The goal is to be sure that all users have activated a two factor authentication method. For the moment the administrator of a MONARC client instance can check the status of 2FA for the users. But not enforce this.
With enforced two-factor authentication a solution must be offered for a newly created user on an instance with this setting already enabled. For example the possibility to only access to the page where 2FA can be configured for the new user.
This is indeed a tricky situation often ignored or not really managed by other platforms (GitHub, Nextcloud, Google, etc. : the user is simply or blocked or rejected like on GitHub).
[1] #442
[2] #288
Beta Was this translation helpful? Give feedback.
All reactions