For the student 2FA implementation, we implemented a new flow that displays a warning (nudge screen) for students who had not yet opted in. This was implemented using new logic in conf/authn/mfa-authn-config.xml, accessing configuration elements in idp.properties, and making a call to the groups service for users neither opted in nor opted out to check if the screen should be displayed.
After all students are opted in, this functionality should be disabled, in particular the group service call should not be made for other populations that are not yet opted in. However, the underlying infrastructure should be kept in place so that this can be re-enabled easily at a later date if we want to us it for future 2FA migrations.
mar235av
commented
1 year ago
For the student 2FA implementation, we implemented a new flow that displays a warning (nudge screen) for students who had not yet opted in. This was implemented using new logic in conf/authn/mfa-authn-config.xml, accessing configuration elements in idp.properties, and making a call to the groups service for users neither opted in nor opted out to check if the screen should be displayed.
After all students are opted in, this functionality should be disabled, in particular the group service call should not be made for other populations that are not yet opted in. However, the underlying infrastructure should be kept in place so that this can be re-enabled easily at a later date if we want to us it for future 2FA migrations.