goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

MFA Devices consistency #4839

Open justsomemate opened 1 year ago

justsomemate commented 1 year ago

Is your feature request related to a problem? Please describe.

The display of the MFA device options is inconsistent.

  1. In the admin interface, in Flows: [screenshot: 01-flows]

  2. In the admin interface, in Stages; and as a user initially setting up their account (if required): [screenshots: 02-stages, 03-validation]

  3. In the user interface for configuration, when enrolling a device: [screenshot: 04-enrolling]

  4. In the user interface for configuration, after enrolling devices: [screenshot: 05-configured]

  5. Logging in, choosing an authentication method: [screenshot: 06-logging_in]

Describe the solution you'd like

It would be nice if all locations used the same verbiage and icons. In particular, for an end user selecting an authentication method for enrollment (2), having icons beside the types and not displaying the underlying stage name would be much easier to understand. The fifth setup (logging in) looks the most professional, although I could argue that the icons don't necessarily match up to their types.

Describe alternatives you've considered

Initially, we changed the stage names to be more friendly (something like the following):

  - 📃 Backup Codes
  - 🕓 Authenticator App
  - 🔑 Security Key

We ended up switching them back to the default in order to use the built-in blueprints, and because it still displayed differently in the other locations where we couldn't set the display.

Additional context

This probably seems like nitpicking, but I think this will give Authentik a much more polished appearance to have the names and icons be consistent. Also, in the Flow titles, "Setup" should be "Set Up" (noun versus verb), but I haven't seen where that displays to the end user.

sevmonster commented 1 year ago

Related, I think, to #4380. The overall user experience with MFA and the admin stage implementation could both use some adjusting. Personally, I think the "TOTP" term should just be evicted; no one knows what it means unless they already understand the technology, and most other services do not use this acronym.

I would recommend against "authenticator app" or any similar wordage, as both TOTP and WebAuthn can be completed using apps/smartphones; this could be potentially confusing for users in a general sense (it might work in your environment). You could start using the latest industry terms being pushed, like "Passkey" for WebAuthn. Really, the whole naming scheme for these authentication methods is up in the air, and everyone knows it as something else.

sevmonster commented 1 year ago

See also #5005