This option will enforce two-factor authentication for every login attempt coming from an ip outside the specified whitelist.
An informative text is displayed if the second factor has not been configured yet. The two-factor setup must happen from a whitelisted address.
Note:
This might be a niche use-case that only we are facing. I decided to prepare the PR nonetheless and let you decide wether this is something that you might be interested in getting back upstream.
Yeah, this is probably not a very common use case. I would however like a feature that forces users to setup two-factor authentication on first login/before redirecting to the service (regardless of the IP range).
Previously two-factor authentication was an opt-in per user. There are situations where two-factor auth is required to access a system.
This patch adds a configuration option:
This option will enforce two-factor authentication for every login attempt coming from an ip outside the specified whitelist.
An informative text is displayed if the second factor has not been configured yet. The two-factor setup must happen from a whitelisted address.
Note: This might be a niche use-case that only we are facing. I decided to prepare the PR nonetheless and let you decide wether this is something that you might be interested in getting back upstream.