davesmith87 Currently MFA is opt-in once you get logged in. Create a global variable to force MFA so techs have to enroll on their next sign-in.
wrongecho I can think of two ways of doing this:
1. Less secure, but the easiest, would be to have a button that generates and sets up 2FA/QR codes and emails them to all agents.
2. Adjust the login flow to check a global/user variable and then present the 2FA QR code screen. Note that if the user navigated away from the 2FA screen then 2FA would be enforced anyway and they wouldn't be able to log back in.
The 2nd option seems like the best but is a little more effort and requires a DB change. Thoughts?
davesmith87 I like option 1, as you said not as secure as option 2, but if their email is compromised there are bigger problems.
wrongecho Perhaps there should also be an option to force MFA on new technician creation so that techs are forced to scan/add the MFA token before they can even sign in for the first time?
johnny Partially implemented, see here:
https://github.com/itflow-org/itflow/commit/2a142f1c426ce1ee9016dee21b1d61fcf1aa33e1
https://github.com/itflow-org/itflow/commit/17c8a9ab0ccbb5f03fbb550b6b01251769a84197
https://github.com/itflow-org/itflow/commit/747b7de143b0f9addba620072af4bcd90a5f8089
Still need to force the user to the 2FA setup page and not allow them to go anywhere else if user_token is null and Force MFA is set to 1.
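
The remaining check described in the last post (user_token is null while Force MFA is 1), written out as an added example that is not ITFlow's own code. Only `user_token` comes from the thread; the page paths, the `$forceMfa` parameter and the function name are hypothetical.

```php
<?php
// Added example, not ITFlow code. Only user_token is taken from the thread;
// the paths, $forceMfa and the function name are hypothetical.

const MFA_SETUP_PATH = '/mfa_setup.php';                     // hypothetical enrollment page
const MFA_ALLOWED_PATHS = [MFA_SETUP_PATH, '/logout.php'];   // hypothetical allow-list

/**
 * Decide whether an authenticated request must be sent to MFA enrollment.
 * Returns the redirect target, or null if the request may proceed.
 */
function mfa_enforcement_redirect(array $user, bool $forceMfa, string $requestUri): ?string
{
    if (!$forceMfa) {
        return null; // global setting off: MFA stays opt-in
    }
    // An enrolled user has a stored TOTP secret; store it only after the
    // first code has been verified, so abandoning setup leaves this null.
    if (isset($user['user_token']) && $user['user_token'] !== '') {
        return null;
    }
    // Match on the path component only, with strict comparison. Anything
    // that does not parse to an allow-listed path fails closed.
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (is_string($path) && in_array($path, MFA_ALLOWED_PATHS, true)) {
        return null;
    }
    return MFA_SETUP_PATH;
}

// Constructed sample: a logged-in tech who has not enrolled yet.
$user = ['user_id' => 7, 'user_token' => null];
$requests = ['/clients.php', '/mfa_setup.php?step=1', '/logout.php',
             '/mfa_setup.php/../clients.php'];

foreach ($requests as $uri) {
    $target = mfa_enforcement_redirect($user, true, $uri);
    // In a real page this would be: header('Location: ' . $target); exit;
    echo $uri, ' => ', $target ?? 'allow', PHP_EOL;
}

// Same tech after enrollment (constructed secret): no redirect.
$user['user_token'] = 'JBSWY3DPEHPK3PXP';
echo '/clients.php => ', mfa_enforcement_redirect($user, true, '/clients.php') ?? 'allow', PHP_EOL;
```

The check belongs in whatever code runs on every authenticated request, so that AJAX and POST handlers are gated along with page views.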