The recent bug related to the 2FA has exposed us to a situation we need to tackle ASAP. To support our SOC2 implementation, we have a policy that centralizes all the user management from our internal & external applications to our Google account. It means that users must log in to FA using the Google SSO integration.
However, we have noticed that we have a considerable number of users using the FA with a combination of user&password.
I want to evaluate with you if it’s possible to disable the support of the user&password login and make it mandatory to use only the Google SSO.
Feature(s) impacted
Account management
Observed behavior
When creating the FA account, users can choose between using the Google SSO or creating a user&password-related account.
Expected behavior
Users can only use Google SSO to create an FA account.
Context
- Project name: TymeshiftFA
Hello @Raphael_Neves, and thanks for reaching out to us.
Someone from our customer success team will be in touch with you shortly about the topic, by the end of this week.
Have a nice day,
@Nicolas.M
A few more details:
This kind of feature is already available in Forest Admin, as part of the SSO feature.
You can find more details in the documentation
As well as in our blog
Regards
Hi @Nicolas.M 
We already have the Google SSO working. The issue is: when someone new joins the company, this person has the option to use the SSO or create an account using user+password.
The outcome we want is that everyone must use Google SSO as the only option. Currently, the majority of our employees are using user+pass.
I would break this into two parts:
- Only allow new users to join FA using the SSO
- Migrate the current users using user+pass to SSO
Are we doing something bad to get both options available when creating a new account?