Description
The Controller should provide a way for the super admin to enforce Multi-Factor Authentication (MFA) for all ordinary administrators.
When MFA enforcement is enabled, users should not be allowed to continue using the Controller without configuring MFA. In particular, on the first login after the policy is enabled, each user should be required to complete the MFA setup before accessing the Controller.
This feature would improve the security of Controller access, especially in environments where multiple users manage firewall instances and where privileged access must be protected with stronger authentication requirements.
Proposed solution
Add a Controller-wide security option available only to the super admin:
- Enable or disable mandatory MFA for Controller users.
When mandatory MFA is enabled:
The policy should be enforced centrally by the Controller and should not depend on user-side preferences.
Expected behavior
When the super admin enables mandatory MFA:
- users without MFA configured are forced to configure it at the first login;
- users cannot skip or postpone MFA configuration;
- Controller access is granted only after MFA setup is completed successfully;
- the super admin can clearly see whether MFA enforcement is enabled.
Components
NethSecurity 8.7.2.
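A sketch of the central enforcement check described under "Expected behavior", added here as an illustration and not taken from the NethSecurity Controller code. The `Session` type, the `Gate` function and the route paths are hypothetical names chosen for the example.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Decision is what the central gate tells the request handler to do.
type Decision int

const (
	Allow      Decision = iota // serve the request
	ForceSetup                 // refuse and send the client to MFA enrollment
)

// Session is a hypothetical view of a password-verified session.
type Session struct {
	User          string
	MFAConfigured bool // set only after enrollment was confirmed with a valid code
}

// setupRoutes are the only routes reachable without MFA while the policy is on
// (assumed paths, not the Controller's real API).
var setupRoutes = []string{"/api/mfa/enroll", "/api/mfa/verify", "/api/logout"}

// Gate runs server-side on every request, so a client cannot skip or postpone
// enrollment by ignoring a UI prompt or calling the API directly.
func Gate(enforceMFA bool, s Session, reqPath string) Decision {
	if !enforceMFA || s.MFAConfigured {
		return Allow
	}
	clean := path.Clean(reqPath) // resolve "../" before matching the allow-list
	for _, r := range setupRoutes {
		if clean == r || strings.HasPrefix(clean, r+"/") {
			return Allow
		}
	}
	return ForceSetup
}

func main() {
	alice := Session{User: "alice"} // constructed sample user without MFA
	for _, p := range []string{"/api/units", "/api/mfa/enroll", "/api/mfa/enroll/../../units"} {
		fmt.Printf("%-30s allowed=%v\n", p, Gate(true, alice, p) == Allow)
	}
}
```

The check covers enrollment only; verifying the second factor at each later login is a separate step that this sketch does not model.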