TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 18:17:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: allow to force MFA local only (#6234)

Browse Source 
This PR adds an option to the LoginPolicy to "Force MFA for local users", so that users authenticated through an IDP must not configure (and verify) an MFA.
This commit is contained in:
Livio Spring
2023-07-20 06:06:16 +02:00
committed by GitHub
parent 1c3a15ff57
commit fed15574f6
49 changed files with 488 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
proto/zitadel/admin.proto
View File

@@ -5866,6 +5866,11 @@ message UpdateLoginPolicyRequest {
description: "defines if the user can additionally (to the login name) be identified by their verified phone number"
}
];
bool force_mfa_local_only = 17 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "if activated, only local authenticated users are forced to use MFA. Authentication through IDPs won't prompt a MFA step in the login."
}
];
}
message UpdateLoginPolicyResponse {

10
proto/zitadel/management.proto
View File

@@ -9654,6 +9654,11 @@ message AddCustomLoginPolicyRequest {
description: "defines if the user can additionally (to the login name) be identified by their verified phone number"
}
];
bool force_mfa_local_only = 20 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "if activated, only local authenticated users are forced to use MFA. Authentication through IDPs won't prompt a MFA step in the login."
}
];
}
message AddCustomLoginPolicyResponse {
@@ -9698,6 +9703,11 @@ message UpdateCustomLoginPolicyRequest {
description: "defines if the user can additionally (to the login name) be identified by their verified phone number"
}
];
bool force_mfa_local_only = 17 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "if activated, only local authenticated users are forced to use MFA. Authentication through IDPs won't prompt a MFA step in the login."
}
];
}
message UpdateCustomLoginPolicyResponse {

5
proto/zitadel/policy.proto
View File

@@ -239,6 +239,11 @@ message LoginPolicy {
description: "defines if the user can additionally (to the login name) be identified by their verified phone number"
}
];
bool force_mfa_local_only = 22 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "if activated, only local authenticated users are forced to use MFA. Authentication through IDPs won't prompt a MFA step in the login."
}
];
}
enum SecondFactorType {

5
proto/zitadel/settings/v2alpha/login_settings.proto
View File

@@ -104,6 +104,11 @@ message LoginSettings {
description: "resource_owner_type returns if the settings is managed on the organization or on the instance";
}
];
bool force_mfa_local_only = 22 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "if activated, only local authenticated users are forced to use MFA. Authentication through IDPs won't prompt a MFA step in the login."
}
];
}
enum SecondFactorType {