Affects Version/s: None
Fix Version/s: None
Component/s: Application Security > Multi-Factor Authentication
After an End User has registered themselves or the Instance Administrator has reset their MFA setup they go to an "exception" group. The purpose of having such a group is to resolve the "in limbo" problem. It is when the End User has not set the MFA up yet but they need to go into the portal to do so. End Users can be removed from the "exception" group manually after they have set the MFA up. This removal can be automatic as well after a secure period or after a grace period that can be configured by the Instance Administrator. There are two options when MFA is on:
- Allow users to log into the portal without MFA setup
- Allow user to access the MFA setup only
Grace period: the time period during which the End User can finalize the configuration MFA. In case of new registration this is infinite or it is until the configuration is completed or the registration is cancelled (anyhow). In case of existing registration it can be configured by the Instance Administrator and the End User can trigger the end of that manually also.
Secure period: the time period during which the End User cannot access the system. This period is for giving the chance to the End User to let the system know if they were not the one who tried to access the system on behalf of them. It can be configured by the Instance Administrator and at the end of this period the system gets fully accessible again. In case of new registration this is zero.
- As an Instance Administrator, I want to see all the non Instance Administrator users in the portal instances with their MFA configuration statuses in a membership list of an exception group with accomplished configuration also in order to be able to manage them.
- As an Instance Administrator, I want to be able to order the users in the list by the values in the columns.
- As an Instance Administrator, I want to be able to be search among users in the list according to their status and basic data.
- As an Instance Administrator, I want to be able to add users to the exception list manually through a filterable list in a popup.
- Note: We may reconsider this as we may not need to add new user if we have all the users in the list by default. Like we removed the remove from list function also.
- As an Instance Administrator, I want to be able to reset the setting of a specific user in order to give the opportunity to do the MFA setup from scratch again.
- As an Instance Administrator, I want to be able to reset the setting of multiple users as a bulk action in order to give the opportunity for them to do their MFA setup from scratch again.
- As an Instance Administrator, I want to be able to see the details of the configuration status of a specific user with time periods info and remained time in them, etc.
- As a Developer, I want my additional custom verifier to be reseted when an End User's MFA configuration is reseted.