Hi All, We are planning to add the following features for all MFA authenticators.
- Tenant Support
- Federated Support
- Secondary user stores
- Retry (Retry with the same code (2nd factor) if we enter an invalid code or something)
- Resend (Try to get the new code)
- Admin should be able to make the authenticator optional (Make the second step optional).

In addition to the above, we currently support the following use cases for federated users, as discussed in the thread [1].

- local - This is based on the federated username. This is the default. You must set the federated username in the local user store. Basically, the federated username must be the same as the local username.
- association - The federated username must be associated with the local account in advance in the Dashboard. So the local username is retrieved from the association.
- userAttribute - The name of the federated authenticator's user attribute. That is, the local username is contained in a federated user's attribute.
- subjectUri - When configuring the federated authenticator, select the attribute in the subject identifier under the service provider section in the UI; this is used as the username of the authenticator.

So we will check these features with the EmailOTP connector first and move to other connectors one by one. Appreciate your thoughts and ideas.

[1] [Architecture] TOTP authenticator improvement to support federated authenticators in the first step.

Thanks
Kanapriya Kuleswararajan
Associate Software Engineer
Mobile : - 0774894438
Mail: - [email protected]
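The four federated-user use cases listed in the message above, sketched as an added example; this is not code from the original post or from the WSO2 connectors. All class, method and claim names are hypothetical, the sample data is constructed, and the final check that the resolved name exists in the local user store is an assumption about how a deployment would fail closed.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;

// Added illustration; every name here is hypothetical, not a WSO2 connector API.
public class FederatedUsernameResolver {
    enum Mode { LOCAL, ASSOCIATION, USER_ATTRIBUTE, SUBJECT_URI }

    // What the first (federated) step hands over to the second factor.
    record FederatedUser(String username, String subject, Map<String, String> attributes) {}

    private final Set<String> localUsers;            // constructed stand-in for the local user store
    private final Map<String, String> associations;  // federated username -> local username

    FederatedUsernameResolver(Set<String> localUsers, Map<String, String> associations) {
        this.localUsers = localUsers;
        this.associations = associations;
    }

    // Returns the local username for the OTP step, or empty if none can be established.
    Optional<String> resolve(Mode mode, FederatedUser user, String attributeName) {
        String candidate = switch (mode) {
            case LOCAL -> user.username();                          // must equal a local username
            case ASSOCIATION -> associations.get(user.username());  // association made in advance
            case USER_ATTRIBUTE -> user.attributes().get(attributeName);
            case SUBJECT_URI -> user.subject();                     // subject identifier chosen in the SP config
        };
        // Assumption: fail closed. A missing or unknown name never falls back to another mode.
        return Optional.ofNullable(candidate).filter(localUsers::contains);
    }

    public static void main(String[] args) {
        // Constructed sample data: one federated login evaluated under each mode.
        String claim = "http://example.org/claims/localuser";
        var resolver = new FederatedUsernameResolver(
                Set.of("alice", "bob"), Map.of("alice@idp.example", "alice"));
        var user = new FederatedUser("alice@idp.example", "bob", Map.of(claim, "alice"));
        for (Mode mode : Mode.values()) {
            System.out.println(mode + " -> " + resolver.resolve(mode, user, claim));
        }
    }
}
```

With the constructed data the same federated login maps to no account, to `alice`, or to `bob` depending on the mode, which is why the configured mode and the integrity of the attribute it reads decide which local account receives the second factor.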
