
Enable reset TOTP for endusers

Comments

3 comments

  • Jeff Scott
    Product Support

    Hi Robin,

     

    Thank you for the feedback.  I can submit this to our product team for review.  One thing I want to point out is that if you are forcing 2FA for your users, there is no way for them to disable 2FA to request a new token to sign up. This is an administrative task that must be accomplished on the server side.   It is a limitation to enforcing 2FA on users.  In order to have a better understanding of your support team's burden, how often are end users switching their phones? I am only asking because we have introduced some guidelines for enhancement requests.  https://support.cerberusftp.com/hc/en-us/community/posts/1500000413782-Feature-Request-Guidelines

    We are doing this to have a better understanding of our customers' issues. 

    The most helpful feature requests are the ones that give as many details as possible. The more detail the better for when our team reviews the request. To make your requests more effective, please provide as much context/background information as possible. It would help if you can try to also answer the following questions. 

    • What is the problem that this feature would fix? 
    • Why is it a problem?
    • Is there a workaround you currently have for this problem? 
    • Do you have a suggestion on how you would like to see the problem fixed?
    • How big is the problem? Who is affected by this problem (End Users, Admins, etc.)? 

     

    Jeff

     

    0
  • Robin Bergman

    Hello Jeff! Thank you for your quick reply!

    The customer is a global business with several departments in many different countries. We are talking about around 3000 users and the support team is quite small and located in one country. How often the end user changes their phone is hard for me to answer but I believe that they have a lifespan on their phones for about 2 years. The customer is running 3 instances of Cerberus in 3 parts of the world.

    I understand that if we enforce the 2FA they cannot disable it. But a great feature would be that instead of the disable button on their account there would be a button to reset the 2FA.

    • What is the problem that this feature would fix?

    Remove the 2FA reset from the support to the possibility for the end user to reset their 2FA when they get a new device.  

    • Why is it a problem?

    This is unnecessary work for the support. If 50% of the end users can manage this by themselves, this would save a lot of time.

    • Is there a workaround you currently have for this problem? 

    The current workaround is that the end user creates a request to the support for them to reset their 2FA.

    • Do you have a suggestion on how you would like to see the problem fixed?

    I would like to see the following:

    When you enforce the 2FA the button changes from Disable 2 factor to Reset 2 factor. It will have the same behavior as if it was optional to use 2FA except when you hit reset you will get the setup prompt right away. If this is not configured, then next time the end user tries to log in, they will be prompted to set up 2FA exactly as when they log in for the first time.

    • How big is the problem? Who is affected by this problem (End Users, Admins, etc.)? 

    For an environment with many users and many instances this can be a bit overwhelming. It impacts both end users and admins.

    0
  • Jeff Scott
    Product Support

    Great.  Thank you for the feedback.

    0
