Page MenuHomePhabricator
Create Task
Maniphest T5089

Allow installs to require users add multi-factor auth to their accounts
Closed, ResolvedPublic
Actions

Description

Installs want a way to require users configure MFA. Roughly:

  • A per-account "this account must always have MFA" flag. This locks the account down so only MFA enrollment may be performed, and prevents removal of the last remaining MFA factor.
  • Tools for setting the flag (CLI + Web) and removing the flag (CLI).
  • A CLI tool for reviewing enrollment status (users, flag-or-not, enrolled-or-not).
  • And probably a global config setting for "all users must enroll".

Revisions and Commits

rP Phabricator
D9285rP99c72a32d041 Allow installs to require multi-factor authentication for all users

Related Objects

Event Timeline

epriestley created this task.May 17 2014, 1:05 AM
epriestley claimed this task.
epriestley raised the priority of this task from to Normal.
epriestley updated the task description. (Show Details)
epriestley added a project: Auth.
epriestley added subscribers: epriestley, zeeg.
epriestley edited this Maniphest Task.May 25 2014, 12:11 AM
epriestley edited this Maniphest Task.Jun 3 2014, 11:50 PM
epriestley closed this task as Resolved.Aug 22 2014, 8:02 PM

security.require-multi-factor-auth seems to satisfy this for now. We can provide more granular alternatives later if use cases arise.

epriestley mentioned this in T6115: Allow multi-factor authentication to be a requirement for user subgroups, including administrators.Sep 18 2014, 1:00 AM
Phabricator · Built by Phacility