Today we have 3 options for server-side 2FA
* Disabled -- As it states
* Optional -- Server checks the user, if it's configured it uses it, if not, they pass.
* Required -- All users are required and must register if they don't have it.
I propose a 4th option.
* Required w/Exemption -- For special use cases, a flag in the database user 2FA config that allows the server to bypass 2FA for that user. Helpful in cases such as service accounts where automation needs to use the PowerShell commands without using 2FA but in an environment where security mandates everyone else as required.
Hi,
How will the server know when it can bypass the 2FA?
Regards
David Hervieux
The same way it knows to enforce 2FA when set to Optional, based on some key in the user config in the database?
I must be missing something. You want a way to disable the 2FA from the database for the user and if it's not disabled it's required?
Regards
David Hervieux
Correct, so instead of Optional - Default Disabled, Optional - Default Required.
Your current setup for optional reads the user config and enforces it if enabled for that user. I just want a way to have default required, but be able to override and disable for a specific user.
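The four modes discussed in this thread, written out as a login-time decision function. This is an added example, not the product's code and not part of any post above; the mode names and the `twofa_configured` / `twofa_exempt` fields are hypothetical. The exemption only applies in the proposed fourth mode and only when the flag is a literal `True`, so a missing or malformed value leaves the user required.

```python
from enum import Enum

class Mode(Enum):
    DISABLED = "disabled"
    OPTIONAL = "optional"
    REQUIRED = "required"
    REQUIRED_WITH_EXEMPTION = "required_with_exemption"  # proposed 4th option

def decide(mode, user):
    """Return 'skip', 'challenge' or 'enroll' for one login attempt."""
    enrolled = user.get("twofa_configured") is True
    # Fail closed: only a literal True exempts; missing, None or "true" do not.
    exempt = user.get("twofa_exempt") is True
    if mode is Mode.DISABLED:
        return "skip"
    if mode is Mode.OPTIONAL:
        return "challenge" if enrolled else "skip"
    if mode is Mode.REQUIRED_WITH_EXEMPTION and exempt:
        return "skip"
    # REQUIRED, or REQUIRED_WITH_EXEMPTION for a non-exempt user
    return "challenge" if enrolled else "enroll"

def exempt_accounts(users):
    """Names of accounts that bypass 2FA, for periodic review."""
    return sorted(u["name"] for u in users if u.get("twofa_exempt") is True)

# Constructed sample user records (hypothetical field names)
USERS = [
    {"name": "alice", "twofa_configured": True},
    {"name": "bob", "twofa_configured": False},
    {"name": "svc-automation", "twofa_configured": False, "twofa_exempt": True},
    {"name": "carol", "twofa_configured": False, "twofa_exempt": "true"},
]

if __name__ == "__main__":
    for u in USERS:
        print(u["name"], decide(Mode.REQUIRED_WITH_EXEMPTION, u))
    print("exempt:", exempt_accounts(USERS))
```

`exempt_accounts` is there because each exempt service account is a password-only login in an otherwise 2FA-mandated environment, so the list is worth reviewing on a schedule.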