-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document MFA enforcement #26750
Document MFA enforcement #26750
Conversation
Preview links (active after the
|
- In Login Methods, a link to **View users without MFA** appears. Click on the link to see the Users list, filtered on users without MFA. | ||
|
||
The setting to require multi-factor authentication is independent of the default login method settings. Regardless of which login methods you enable by default, enforcing MFA requires a second authentication factor for users that log in with an email and password. | ||
|
||
## Reviewing user overrides | ||
|
||
Using overrides, you can change the available login methods for individual users. In the following example, **Sign in with Google** is Off by default in the organization, but one user has it enabled by having an override set. | ||
|
||
{{< img src="account_management/login_methods_disabled_overrides_set.png" alt="Login method disabled, with user override enabled" style="width:80%;">}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added two minor suggestions, but overall it looks good to me 👍
|
||
Setting **Require Multi-Factor Authentication** to `On` has two effects: | ||
- Users that log in with an email and password must register a second authentication factor before accessing the organization. | ||
- In Login Methods, a link to **View users without MFA** appears. Click on the link to see the Users list, filtered on users without MFA. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you think about using a link for View users without MFA* that redirects to the list of users without MFA configured?
The link is the following one for US1: https://app.datadoghq.com/organization-settings/users?filter%5Ballowed_login_methods%5D=standard&filter%5Bmfa_enabled%5D=false&filter%5Bstatus%5D=Active
/merge |
Devflow running:
|
What does this PR do? What is the motivation?
https://datadoghq.atlassian.net/browse/DOCS-9658
Merge instructions
Merge readiness:
Merge queue is enabled in this repo. To have it automatically merged after it receives the required reviews, create the PR (from a branch that follows the
<yourname>/description
naming convention) and then add the following PR comment:Additional notes