Accounting Ideas

Enforcing or reporting on user management 2FA

It would be incredibly useful to be able to see under 'User Management' who has been set up with 2FA.

Likewise, an option to 'enforce 2FA' with a definable grace period to only allow login when 2FA is enabled would be ideal. EG:

Grace Period 14 days from enabling enforcement - users log in and are immediately prompted to set up 2FA.

After 14 days accounts that have failed to set up with 2FA will need their grace period extending, as their accounts will be locked.

  • Guest
  • Feb 20 2023
  • We're Taking A Look At This
  • Attach files
  • Guest commented
    7 Jun, 2023 10:39am

    to comply to variouse information security regulations, (imposd by industry standards and that of client security controle) we are required to enforce 2fa and have the ability to prove this for user accounts.

    The absence of an over arching admin control to both enforce and report use presents some security challenges. while 2fa is an user level feature at present to enable, this can be disabled easily in equal measure presenting unavoidable risk.

    an 'optional' enforced 2fa setting on either a user or tenancy level would be a very welcomed facility to keep up with standard across all other cloud platforms