winterhazel commented on PR #7870: URL: https://github.com/apache/cloudstack/pull/7870#issuecomment-1681094732
> > In addition to @harikrishna-patnala 's comment, I wonder if scenario 11 is really what we want? As an operator I want to force my users to use f2a. scenario 11 negates that. what do you think @winterhazel ? > > good point @DaanHoogland > > @winterhazel can you test if `mandate.user.2fa` is set to `true` ? @DaanHoogland @weizhouapache You can force users to use 2FA by enabling the global setting `mandate.user.2fa`. If this setting is set to `true`, when a user disables his 2FA through the `setupUserTwoFactorAuthentication` API, he will need to reconfigure it next time he logins in order to proceed. I have tested it. However, I think we can reconsider the behavior of this API to not allow users to disable their 2FA in the first place when this setting is enabled and return a message saying that 2FA is mandatory, since users may think the current behavior is a bug. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
