2FA
next
Indigo Ladybug
Hi Ryan,
Please see below information from "The Grid", our IT provider:
In regards to 2FA for Albi, we recommend the following.
1. 2FA optional for 14 days after account creation
2. Option to bypass 2FA on a per-user basis
3. Admin can reset 2FA enrolment
4. A page to see all users' enrolment status
The Grid would prefer if we can have SAML login for all the users, if that can be available.
Ryan Oliver
next
Thank you all for your feedback! I have a few questions for you as we consider building this:
- Would you prefer a combination of user and company control over 2-factor authentication?
- If both, should the two factors be displayed to the user once 2FA is turned on for the company?
- Should company administrators with 2FA capability be allowed to turn it on?
- Should company administrators enforce 2FA for all staff members?
- Should Albi be able to reset 2FA when users get locked out?
Feel free to share any other thoughts you have!
Premier Yak
Ryan Oliver
Q: Would you prefer a combination of user and company control over 2-factor authentication?
A: Yes, users should be able to activate 2FA even if the company has not enforced it.
Q: If both, should the two factors be displayed to the user once 2FA is turned on for the company?
A: Yes.
Q: Should company administrators with 2FA capability be allowed to turn it on?
A: Yes.
Q: Should company administrators enforce 2FA for all staff members?
A: Yes, there should be a toggle to enforce 2FA.
Q: Should Albi be able to reset 2FA when users get locked out?
A: No, I recommend there should be a backup method for users to recover an account, such as a long recovery code. If you do opt to have a reset/recovery path, then it needs to include a good-quality panel of security questions.
Additionally, incorporating support for hardware security keys (such as YubiKeys) as a two-factor authentication method would be highly beneficial for security.
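The long recovery code suggested in the reply above, sketched as an added example that is not part of the original thread and is not Albi's code. The `RecoveryStore` class, the code length and alphabet, and the in-memory storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed format: 20 symbols from a 30-character alphabet without
# look-alikes (no I, L, O, U, 0, 1), roughly 98 bits of entropy per code.
ALPHABET = "ABCDEFGHJKMNPQRSTVWXYZ23456789"
CODE_LEN = 20


def normalize(code: str) -> str:
    """Drop hyphens/spaces and upper-case, so typing style does not matter."""
    return "".join(ch for ch in code.upper() if ch.isalnum())


def digest(code: str) -> str:
    # A fast hash is acceptable only because the codes are random and long;
    # user-chosen secrets would need a slow password hash instead.
    return hashlib.sha256(normalize(code).encode()).hexdigest()


def new_code() -> str:
    raw = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
    return "-".join(raw[i:i + 4] for i in range(0, CODE_LEN, 4))


class RecoveryStore:
    """Hypothetical store: keeps only digests of unused codes per user."""

    def __init__(self) -> None:
        self._unused: dict[str, set[str]] = {}

    def enroll(self, user: str, count: int = 8) -> list[str]:
        """Issue fresh codes (shown to the user once), replacing old ones."""
        codes = [new_code() for _ in range(count)]
        self._unused[user] = {digest(c) for c in codes}
        return codes

    def redeem(self, user: str, submitted: str) -> bool:
        """Accept a code at most once; compare digests in constant time."""
        candidate = digest(submitted)
        match = None
        for stored in self._unused.get(user, set()):
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            return False
        self._unused[user].discard(match)  # single use
        return True
```
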