tapis-project / authenticator

BSD 3-Clause "New" or "Revised" License

Support configurable TACC MFA at the tenant level #8

Closed joestubbs closed 2 years ago

joestubbs commented 2 years ago

A tenant should be able to configure TACC MFA to be required for one or more (or all) grant types. Note that for this issue, use of the TACC MFA requires use of the TACC IdP: incorporating TACC MFA into tenants using a different IdP (for example, through an account mapping) is beyond the scope of this issue.

joestubbs commented 2 years ago

We need to work through the design for this feature. TACC is moving to Privacy Idea. WMA has implemented TACC MFA into its portals and has recently looked at the new Privacy Idea API. This confluence directory has useful notes: https://confluence.tacc.utexas.edu/display/UP/Multi-Factor+Authentication

joestubbs commented 2 years ago

We need to decide what this means for the password grant type. Right now, the password grant type does not utilize the MFA code, and it won't be too easy to incorporate MFA into it. Does this mean that any tenant that configures TACC MFA should not be able to use the password flow, and if so, what will be the option for clients like Jupyter notebooks?

joestubbs commented 2 years ago

Released as part of 1.2.3.