Affects Version/s: Master
Fix Version/s: None
Component/s: Application Security > Multi-Factor Authentication
Sprint:Iteration 45, Iteration 46, Iteration 47, Iteration 48, Iteration 49, Iteration 50, AppSec Iteration 51, AppSec Iteration 52, AppSec Iteration 53, AppSec Iteration 54, AppSec Iteration 55, AppSec Iteration 56
Git Pull Request:
As in acceptance criteria #3 on the story
LPS-92653, we would like to see FIDO2 related entries about successful or unsuccessful logins at Security / Audit.
- Create a new virtual instance eg.: able.com
- Login with Instance admin and enable MFAs: TOTP, Email-OTP, and FIDO2
- Go To the Account Setting page, and set up TOTP and FIDO2 for the user account
- Sing out
- Sign in with FIDO2 verifier
- Go to Security / Audit
- Find log entries about login using FIDO2 verifier
Screen recording about the issue
Check the video
Currently, no exact entry about FIDO2 typed MFA in the logs.
Also, the login flow triggers various entries about a LOGIN, LOGOUT for Email-based OTP verifier while the user logged in successfully via FIDO2 verifiers.
1. FIDO2 entries should be present as our user's login via FIDO2 verification.
2. The number of Email-based OTP logs should not be created when the user not even use EOTP during his login flow.