MFA enforcement for Cloud Console#23163
Open
bsanchez-the-roach wants to merge 15 commits intomainfrom
Open
Conversation
✅ Deploy Preview for cockroachdb-api-docs canceled.
|
✅ Deploy Preview for cockroachdb-interactivetutorials-docs canceled.
|
Files changed:
|
❌ Deploy Preview for cockroachdb-docs failed. Why did it fail? →
|
Diagram Anchor Check: PassedAll |
|
|
||
| [Organization Admins]({% link cockroachcloud/authorization.md %}#organization-admin) can reset the MFA of any users who have [set up MFA](#set-up-mfa-for-a-password-based-account) for their password-based access. Resetting the MFA will invalidate the user's existing TOTP binding and recovery codes, and it will force the user to go through the enrollment process upon their next login. To reset a user's MFA: | ||
|
|
||
| 1. Log in to the [CockroachDB {{ site.data.products.cloud }} Console](https://cockroachlabs.cloud) as a user with the [Organization Admin]({% link cockroachcloud/authorization.md %}#organization-admin) role. |
Contributor
Author
There was a problem hiding this comment.
This flow was in the Figma demo but not the github one, I want to verify that this is actually in the final feature.
There was a problem hiding this comment.
This was the feature planned but strangely I don't see the designs neither in figma nor github. Can you please point me to the figma link?
Contributor
Author
There was a problem hiding this comment.
|
|
||
| [Organization Admins]({% link cockroachcloud/authorization.md %}#organization-admin) can reset the MFA of any users who have [set up MFA](#set-up-mfa-for-a-password-based-account) for their password-based access. Resetting the MFA will invalidate the user's existing TOTP binding and recovery codes, and it will force the user to go through the enrollment process upon their next login. To reset a user's MFA: | ||
|
|
||
| 1. Log in to the [CockroachDB {{ site.data.products.cloud }} Console](https://cockroachlabs.cloud) as a user with the [Organization Admin]({% link cockroachcloud/authorization.md %}#organization-admin) role. |
There was a problem hiding this comment.
This was the feature planned but strangely I don't see the designs neither in figma nor github. Can you please point me to the figma link?
| 1. Click **Set up Multi-Factor Authentication on your account**. | ||
| 1. Read the information on the **Enable MFA enforcement** modal, then click **Set up MFA**. | ||
| 1. [Set up MFA for your account](#set-up-mfa-for-a-password-based-account). | ||
| 1. An Organization Admin will now be able to enable or disable the **Multi-Factor Authentication Enforcement** toggle. It is switched on by default. |
There was a problem hiding this comment.
Correction: MFA toggle is not switched on by default. There are two scenarios:
- Admin uses SSO to login: They can come and manually enable MFA option.
- Admin uses password to login: They have to setup their own MFA first, once they do that, MFA will be enabled automatically for their org.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
DOC-16025