Open RushanNanayakkara opened 1 week ago
We need to create the migration doc issue as well with the details. With the property EnableSMSOTPPasswordRecoveryIfConnectorEnabled, which connector are we referring to? Should we explicitly enable the connector? In that case, it is better to mention that step as well in the migration doc.
Describe the issue: The password recovery connector was controlled through the Password.Recovery.Notification.Enable configuration so far. With the introduction of SMS OTP for password recovery, we have introduced two additional configurations, Recovery.Notification.Password.emailLink.Enable and Recovery.Notification.Password.smsOtp.Enable, which control whether the email link option and the SMS OTP recovery option should be enabled.

During the initial read of the resident IDP, if the Password.Recovery.Notification.Enable config is enabled (which means password recovery is enabled), the Recovery.Notification.Password.emailLink.Enable option will be enabled by default. This is because in the previous IS versions the former config also controlled the enable/disable state of the emailLink recovery option. The Recovery.Notification.Password.smsOtp.Enable config will be disabled by default through this on-demand migration process.

However, with the new SMS OTP option, one can decide to enable SMS OTP for all password recovery config (Recovery.Notification.Password.smsOtp.Enable) through the on-demand migration by enabling the toml config ConfigSwitching.OnInitialUse.EnableSMSOTPPasswordRecoveryIfConnectorEnabled.

On-demand migration behaviour: Migration will automatically run during the first read operation of the resident IdP for each tenant. The existing users who have password recovery enabled will have the emailLink option enabled and the smsOtp option disabled by default. A new toml config was introduced to change this behaviour to enable the smsOtp option through on demand as well.

Config: ConfigSwitching.OnInitialUse.EnableSMSOTPPasswordRecoveryIfConnectorEnabled deployment config.

Related Issues