Users authenticated via magic links from invoices and reminder emails should be considered as less strongly authenticated as those who have authenticated via email auth codes or using the TKO-äly SSO. These users should not have access to their personal settings or to the admin-UI before the reauthenticate using a stronger method.
Users authenticated via magic links from invoices and reminder emails should be considered as less strongly authenticated as those who have authenticated via email auth codes or using the TKO-äly SSO. These users should not have access to their personal settings or to the admin-UI before the reauthenticate using a stronger method.