Enforce MFA for all ordinary administrators #1722

@cotosso

Description

The Controller should provide a way for the super admin to enforce Multi-Factor Authentication (MFA) for all ordinary administrators.

When MFA enforcement is enabled, users should not be allowed to continue using the Controller without configuring MFA. In particular, on the first login after the policy is enabled, each user should be required to complete the MFA setup before accessing the Controller.

This feature would improve the security of Controller access, especially in environments where multiple users manage firewall instances and where privileged access must be protected with stronger authentication requirements.

Proposed solution

Add a Controller-wide security option available only to the super admin:

  • Enable or disable mandatory MFA for Controller users.

  • When mandatory MFA is enabled:

    • users without MFA configured must be redirected to the MFA setup flow at login;
    • users must complete MFA setup before accessing any Controller functionality;
    • users who already have MFA configured can continue using the Controller normally.

The policy should be enforced centrally by the Controller and should not depend on user-side preferences.

Expected behavior

When the super admin enables mandatory MFA:

  • users without MFA configured are forced to configure it at the first login;
  • users cannot skip or postpone MFA configuration;
  • Controller access is granted only after MFA setup is completed successfully;
  • the super admin can clearly see whether MFA enforcement is enabled.

Components

NethSecurity 8.7.2.
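
As an added illustration of the behaviour requested above (this is example code written for this page, not code from the issue author or from the NethSecurity project), the Go program below sketches the two pieces the proposal needs: a central request gate that sends any authenticated user without MFA to the setup flow and nowhere else while the super-admin-controlled policy is on, and a setup-completion step that only marks MFA as configured after the user proves possession of the new secret with a valid code. The `Policy` and `User` types, the `/api/mfa/` and `/api/logout` path names, and the 403 JSON response are assumptions for the example, not the Controller's real routes or data model; the TOTP routine follows RFC 6238 (SHA-1, 30-second step) and is checked against that RFC's published test vector.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"net/http"
	"strings"
)

// Policy is the Controller-wide setting only the super admin may change.
// It lives server-side, so no user preference can switch it off.
type Policy struct {
	MandatoryMFA bool
}

// User is the authenticated principal behind a request. MFAConfigured is set
// only by CompleteSetup, i.e. after a successful verification; an enrolment
// that was started but never verified does not count as configured.
type User struct {
	Name          string
	MFASecret     []byte
	MFAConfigured bool
}

// Paths a user without MFA may still reach while enforcement is on: the setup
// flow itself and logout. (Assumed names, not the Controller's real routes.)
var setupOnlyPaths = []string{"/api/mfa/", "/api/logout"}

type Decision int

const (
	Allow Decision = iota
	RedirectToMFASetup
)

// Decide is the single, central policy check: with enforcement on, a user
// without MFA may only reach the setup flow. There is no "skip" or "later".
func Decide(p Policy, u *User, path string) Decision {
	if !p.MandatoryMFA || u == nil || u.MFAConfigured {
		return Allow
	}
	for _, prefix := range setupOnlyPaths {
		if strings.HasPrefix(path, prefix) {
			return Allow
		}
	}
	return RedirectToMFASetup
}

// EnforceMFA wraps every authenticated route, so the rule also covers API
// calls the UI never exposes. current resolves the session's user.
func EnforceMFA(p *Policy, current func(*http.Request) *User, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if Decide(*p, current(r), r.URL.Path) == RedirectToMFASetup {
			w.Header().Set("Content-Type", "application/json")
			w.WriteHeader(http.StatusForbidden)
			fmt.Fprint(w, `{"error":"mfa_setup_required","setup":"/api/mfa/setup"}`)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// totpCode implements RFC 6238 with HMAC-SHA1 and a 30 s step for a Unix time.
func totpCode(secret []byte, unix int64, digits int) string {
	msg := make([]byte, 8)
	binary.BigEndian.PutUint64(msg, uint64(unix/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg)
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f
	bin := (uint32(h[off])&0x7f)<<24 | uint32(h[off+1])<<16 | uint32(h[off+2])<<8 | uint32(h[off+3])
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, bin%mod)
}

// CompleteSetup finishes enrolment only if code is valid for pendingSecret
// (one step of clock skew allowed, constant-time compare). On failure nothing
// is stored, so MFA cannot be marked configured without a proof of possession.
func CompleteSetup(u *User, pendingSecret []byte, code string, now int64) bool {
	for skew := int64(-30); skew <= 30; skew += 30 {
		want := totpCode(pendingSecret, now+skew, 6)
		if subtle.ConstantTimeCompare([]byte(want), []byte(code)) == 1 {
			u.MFASecret = pendingSecret
			u.MFAConfigured = true
			return true
		}
	}
	return false
}

func main() {
	policy := Policy{MandatoryMFA: true}
	alice := &User{Name: "alice"} // constructed sample user with no MFA yet
	fmt.Println("before setup, /api/units:", Decide(policy, alice, "/api/units") == RedirectToMFASetup)
	fmt.Println("before setup, /api/mfa/setup:", Decide(policy, alice, "/api/mfa/setup") == Allow)
	// RFC 6238 test vector: secret "12345678901234567890", time 59, SHA-1 -> 287082.
	fmt.Println("setup completed:", CompleteSetup(alice, []byte("12345678901234567890"), "287082", 59))
	fmt.Println("after setup, /api/units:", Decide(policy, alice, "/api/units") == Allow)
}
```

The point of keeping `Decide` as one pure function is that the UI redirect, the API 403, and any audit logging all consult the same rule, which is what "enforced centrally" means in practice; and because `MFAConfigured` is only ever set inside `CompleteSetup`, a client cannot satisfy the gate by abandoning enrolment halfway.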

Metadata

Labels: controller (The issue is related to the controller)
Status: ToDo