Hi Roger,
I mean that in the 7.3 version, a malicious user won't be able to delete a
registered device as long as he cannot provide the "suspicious_borg"
("sharp boyd" in your case) TOTP code to do so (see the popup window in the
pic below that you might not get in your context).
[image: firefox_vFYAk0sbAm.png]
In the same way, he also won't be able to register his own device without
possessing "sharp boyd".
On Tuesday, January 27, 2026 at 15:50:38 UTC+1, Roger wrote:
> screenshots for clarity
> [image: Screenshot from 2026-01-16 20-16-01.png]
> [image: Screenshot from 2026-01-16 20-16-13.png]
>
> Monday, January 19, 2026 at 19:32:37 UTC+3, Roger:
>
>> Is there a way to disable device removal for Google Authenticator MFA in
>> Apereo CAS 7.2?
>>
>> I want to prevent users from deleting registered devices, or disable the
>> device management screen entirely. Allowing a user to delete a device and
>> enroll a new one using only username/password appears insecure.
>>
>> Is there a configuration option or recommended approach to enforce this
>> restriction?
>> [image: cas2.png][image: cas1.png]
>>
>