Open brynwhyman opened 5 years ago
Raising this following a discussion, although it's probably not a good idea. Allowing a grace period for users who are created after the original grace period has finished allows them time to setup their MFA. For example they may need time before their security token arrives in the mail.
Current functionality when MFA is made mandatory is to enforce a grace period for existing users. When new users are created they'll be entitled to a full grace period.
This issue covers making the grace period a global variable, regardless of when the user was created.
ACs