What is the preferred workflow for setting up TFA for users?

lcdservices

11/15/23, 3:57 PM

I have a D7 site in which I've setup TFA using TOTP. If TFA is not required, the user can login with their user/pwd, visit the profile page, click the security tab, and setup TFA.

However, if TFA is required for their role, the only way they can setup TFA is to have an admin access their user profile and supply them the code to enter into their auth app, then wait for them to provide the code to enter into the user profile. That is tedious and cumbersome.

Most TFA tools allow the user to initially login to their account and then redirects them to where they can setup TFA themselves.

Am I missing something? Is there a better workflow available? We want to enforce TFA, but don't want to have to manually administer setup for all users.

0 + 2

authentication-authorization

unusedspoon

11/15/23, 5:22 PM

I've not used the d7 module but in the d8 version you could allow X number of logins without TFA before they'd get locked out. Is there a setting for that? That would allow the users to set TFA themselves

lcdservices

11/15/23, 7:25 PM

no, there's no setting along those lines. but something like that is what I'm looking for.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: What is the preferred workflow for setting up TFA for users?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.