search

FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io
90 stars 12 forks source link

Context: hosted pages with required MFA policy set -- do not expose option to allow for MFA trust on setup #2760

Open jobannon opened 4 months ago

jobannon commented 4 months ago

Description

If MFA is required (Tenant Policy or Application), when the user setup's up their MFA for the first time, they should also be able to obtain trust for 30 days (we should expose a checkbox - see existing in screenshot).

Observed versions

1.48.2

Steps to reproduce

Steps to reproduce the behavior:

  1. Log into an application
  2. Be required to setup MFA device by FusionAuth hosted workflows
  3. Not see an option to enable MFA bypass for 30 days on that browser/device when initially setting up MFA

Expected behavior

There should be an option to bypass MFA for 30 days when the user first sets up MFA.

Screenshots

image

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

Additional context

Add any other context about the problem here.

robotdan commented 3 months ago

I assume this is working as designed.

So technically we are enabling 2FA here, we are not completing a 2FA login. Perhaps the user doesn't care - but to make this work how you are proposing, we'd need the enable 2FA to return a device trust.

Is the issue that you have to wait until the next time you sign in to check the box?

jobannon commented 1 month ago

@robotdan Missed your comment here --

Is the issue that you have to wait until the next time you sign in to check the box? Yes. Might be nice as an optional thing, but there could be a few edge cases to consider to make it all work