neos-sdi / adfsmfa

MFA for ADFS 2022/2019/2016/2012r2
MIT License
135 stars 51 forks

Security Problem #351

Closed helloboy1980 closed 4 weeks ago

helloboy1980 commented 4 weeks ago

Hi

I have set the configuration as in the picture below, but when users start to enroll, in the first step where MFA shows the QR code, if the user types the TOTP code incorrectly, the user is created in the enabled state and will be able to log in to MFA without the admin confirming that he/she is enabled. How can I prevent this? I want to enroll my users in the disabled state in MFA in all possible scenarios.

(three configuration screenshots attached)
redhook62 commented 4 weeks ago

In your case, users provide various information to IT support. They are disabled by default. It is up to the administrators to enable users with the console or in PowerShell.

helloboy1980 commented 4 weeks ago

If users scan the QR code and type an incorrect number, the user is created in the enabled state in MFA, and the next time he/she wants to connect to MFA, he/she will be able to connect without admin approval!

redhook62 commented 4 weeks ago

No, this is not a security issue at all, and besides, I know what allows you to say that. Your users have abandoned the registration process in a messy way and have not validated the TOTP, which is nevertheless mandatory in your case. Good for them; they will have to go through you to unblock them. Basically, if all this can really annoy them, that's great...
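
As an added example, not code from the adfsmfa project or from either commenter: an administrator-side check in PowerShell that reports, and then disables, MFA registrations that are in the enabled state although IT support never approved the user. This is the compensating control for the situation described in the thread, where an abandoned enrollment leaves a registration behind that admins did not explicitly enable. The cmdlet names Get-MFAUser and Set-MFAUser, the Enabled property on the returned object and the -Enabled parameter are assumptions from memory of the project's PowerShell module and must be verified on the ADFS server with Get-Command -Module MFA before use; the approved list and the user principal names are constructed for the example.

```powershell
# Added example, not adfsmfa project code.
# Assumptions (verify with: Get-Command -Module MFA):
#   Get-MFAUser -Identity <upn>            -> registration object with an .Enabled property
#   Set-MFAUser -Identity <upn> -Enabled $false -> puts the registration in the disabled state
# Run in an elevated PowerShell session on the ADFS server where the MFA module is installed.

# Constructed data: users IT support has actually approved, and the users to audit.
# In production the candidate list would come from AD (e.g. members of the MFA-scoped group).
$ApprovedUsers = @('alice@corp.example', 'bob@corp.example')
$Candidates    = @('alice@corp.example', 'bob@corp.example', 'carol@corp.example')

function Find-UnapprovedEnabledMfaUsers {
    # Returns one object per registration that is Enabled but whose UPN is not on the approved list.
    param(
        [Parameter(Mandatory)][string[]]$Identities,
        [Parameter(Mandatory)][string[]]$Approved
    )
    foreach ($upn in $Identities) {
        $reg = Get-MFAUser -Identity $upn -ErrorAction SilentlyContinue   # assumed cmdlet
        if ($null -eq $reg) { continue }           # no MFA registration yet: nothing to audit
        if ($reg.Enabled -and ($Approved -notcontains $upn)) {
            [pscustomobject]@{ UPN = $upn; Enabled = $reg.Enabled }
        }
    }
}

# Report first; comment out the Set-MFAUser line for a dry run.
$drift = @(Find-UnapprovedEnabledMfaUsers -Identities $Candidates -Approved $ApprovedUsers)
if ($drift.Count -eq 0) {
    Write-Host 'No enabled MFA registrations without admin approval.'
}
foreach ($u in $drift) {
    Write-Warning "MFA registration for $($u.UPN) is enabled without admin approval; disabling it."
    Set-MFAUser -Identity $u.UPN -Enabled $false     # assumed cmdlet and parameter
}
```

The approved list is the source of truth here, not the registration state, so a user who completed (or abandoned) self-enrollment without going through IT support ends up disabled regardless of what the enrollment flow wrote. Schedule it as a recurring task only after confirming the cmdlet names and the Enabled semantics against the installed module version.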