onelogin / onelogin-python-aws-assume-role

MIT License

auto-detect IP? #33

Open zymergen-vdc opened 5 years ago

zymergen-vdc commented 5 years ago

I noticed the addition and then removal of being able to pass the IP as a parameter. I'd prefer if there was auto-detection of the IP. Seems preferable to adhere to the same process that the OneLogin GUI does. That is, the requirement of using MFA should be dependent on your source IP. If that IP falls into a whitelisted IP then you don't need MFA. Otherwise, you need MFA. For an end-user to be able to arbitrarily edit the source IP and bypass MFA seems like a faulty security model. Just detect it and let the already-defined rules apply.

pitbulk commented 5 years ago

The setting file and the Python script itself should not be editable by an end-user.

I will consider adding the auto-detection piece of code and add a flag to activate this feature or not.
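The policy discussed in this thread (MFA is skipped only when the source IP falls in a whitelisted range), as an added example that is not part of the issue or of the project's code: it compares a decision keyed on an IP the caller supplies with one keyed on the address the server observes. The allowlist, the `claimed_ip` field, the `peer_ip` argument and the sample attempts are constructed assumptions, not OneLogin's API.

```python
import ipaddress

# Constructed allowlist using documentation ranges; not a real OneLogin policy.
MFA_EXEMPT_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:10::/48"),
]


def in_exempt_network(ip_text):
    """Return True only if ip_text parses and falls inside an exempt network."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except (ValueError, AttributeError):
        return False  # missing or malformed address never earns an exemption
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so dual-stack listeners match.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in MFA_EXEMPT_NETWORKS)


def mfa_required_client_claimed(request):
    """Weak model: the caller states its own source IP (hypothetical field)."""
    return not in_exempt_network(request.get("claimed_ip"))


def mfa_required_peer_observed(request, peer_ip):
    """Hardened model: use the address seen on the connection, ignore the claim."""
    return not in_exempt_network(peer_ip)


def compare(request, peer_ip):
    """Return (weak_decision, hardened_decision) for one login attempt."""
    return (mfa_required_client_claimed(request),
            mfa_required_peer_observed(request, peer_ip))


if __name__ == "__main__":
    # Constructed attempts: (request body, address the server observed).
    attempts = [
        ({"user": "alice", "claimed_ip": "203.0.113.7"}, "203.0.113.7"),
        ({"user": "bob", "claimed_ip": "203.0.113.7"}, "198.51.100.23"),
        ({"user": "carol"}, "::ffff:203.0.113.9"),
    ]
    for body, peer in attempts:
        weak, hardened = compare(body, peer)
        print(f"{body['user']:6} peer={peer:20} weak_mfa={weak} hardened_mfa={hardened}")
```

When the service sits behind a reverse proxy, the connection peer is the proxy, so the observed address has to come from a header that only that trusted proxy is allowed to set.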