The recent bug related to the 2FA has exposed us to a situation we need to tackle ASAP. To support our SOC2 implementation, we have a policy that centralizes all the user management from our internal & external applications to our Google account. It means that users must log in to FA using the Google SSO integration.
However, we have noticed that we have a considerable number of users using FA with a combination of user & password.
I want to evaluate with you if it’s possible to disable the support of the user & password login and make it mandatory to use Google SSO only.
When creating the FA account, users can choose between using the Google SSO or creating a user & password-related account.
Users can only use Google SSO to create an FA account.
- Project name: TymeshiftFA