The recent bug related to the 2FA has exposed us to a situation we need to tackle ASAP. To support our SOC2 implementation, we have a policy that centralizes all the user management from our internal & external applications to our Google account. It means that users must log in to FA using the Google SSO integration.
However, we have noticed that we have a considerable number of users using the FA with a combination of user&password.
I want to evaluate with you if it’s possible to disable the support of the user&password login and make the usage of the Google SSO mandatory.
Feature(s) impacted
Account management
Observed behavior
When creating the FA account, users can choose between using the Google SSO or creating a user&password-related account.
Expected behavior
Users can only use Google SSO to create an FA account.
Context
- Project name: TymeshiftFA