2-factor admin confusion due to two implementations
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical SSO provider |
Fix Released
|
High
|
Unassigned | ||
Bug Description
A couple of points of confusion have arisen in the SSO admin system due to an old and new implementation of 2F settings for RPConfigs:
* There are fields for "Require two factor" (checkbox) and "Flag twofactor" (free text). We should just choose one (probably the latter) and improve the UX slightly, perhaps by changing the free text field to be a pull down containing only flag options which begin with "TWOFACTOR_" and displaying both the flag name and readable description where these have been set?
* On the main list view, there is a "Require two factor" column but this is based on the older checkbox field so doesn't accurately represent the state of RPConfigs using the newer flag setting. If there is a value in the new field, this column should appear checked for at-a-glance viewing, preferably with a tooltip containing a comma-separate list of actual flags for more detail without needing to drill down for more info.
Marking as high priority as this may cause confusion to people using the admin area who aren't familiar with the current implementation and will make auditing a more onerous task than it should be.
| tags: | added: twofactor |
| Changed in canonical-identity-provider: | |
| milestone: | none → public-rollout |
| Michael Foord (mfoord) wrote | #1 |
| Changed in canonical-identity-provider: | |
| status: | New → Fix Released |
For the sake of others, these fields Stuart describes are related to openidrpconfig and not accounts.