README.md
+6 -6
@@ -131,7 +131,7 @@ This is standard TOTP using Google Authenticator or any other app which conforms
131
131
132
132
### Auth Type
133
133
134
-
This is so you can specify that logging in via say SAML via ADFS which may have already done it's own MFA checks and is worth 100 points effectly make it exempt from additional checks.
134
+
This is so you can specify that users with certain auth types, eg SAML via ADFS, which may have already done it's own MFA checks, is worth 100 points which makes it exempt from additional checks.
135
135
136
136
### Non-admin
137
137
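Review bot: The reworded Auth Type sentence still documents a full bypass on the strength of "may have already done it's own MFA checks". Since 100 points "makes it exempt from additional checks", the README should say this factor is only to be enabled for auth types whose identity provider is known to enforce MFA, not ones that merely might. Two wording fixes while the line is being touched: "it's own" should be "its own", and "users with certain auth types ... is worth 100 points" has a subject and verb that disagree (for example "can be given 100 points, which exempts them from additional checks").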
@@ -159,13 +159,13 @@ In theory you could impement almost anything as a factor, such as time of day, r
If a users cumulative points is high enough then they are able to login. Points can be weighted for different factors. Some factors do not require any input, such as checking their IP Address is inside secure subnet, while other factors require input such as entering a code like TOTP or SMS. Factors with no input are checked first and then the remaining factors are checked in from the largest points to the smaller until you either have a cumulative points high enough to login, or you run out of factors and you are denied login.
165
165
166
166
When you configure the points in the admin settings it will generate a list of valid factor permutations to easily check it's configured the way you want.
167
167
168
-
####Example 1
168
+
### Example 1
169
169
170
170
If you have 3 factors configured, all factors default to 100 points effectiely making any of then enough to login:
171
171
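Review bot: The heading fix on "Example 1" changes the level as well as adding the missing space: "####Example 1" becomes "### Example 1", which puts the examples at the same level as "### Auth Type" and "### Non-admin". If they are meant to stay nested under the points section, "#### Example 1" fixes the rendering without changing the outline; the same applies to the Example 2 and Example 3 hunks. The context line just below still has "effectiely" and "any of then", which could be corrected in the same commit.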
@@ -186,7 +186,7 @@ OR
186
186
* using a TOTP app
187
187
```
188
188
189
-
####Example 2
189
+
### Example 2
190
190
191
191
If you change all 3 points to 50 then it would say:
192
192
@@ -199,7 +199,7 @@ OR
199
199
* is on a secured network AND using a TOTP app
200
200
```
201
201
202
-
####Example 3
202
+
### Example 3
203
203
204
204
With a configuration of:
205
205
@@ -230,7 +230,7 @@ While you are setting up MFA there are 2 things which help make it simple to see
230
230
231
231
1) In the settings page is a 'Summary of good conditions for login' which does what it says on the box. If you have not setup any factors, or if they are configured in a way which would never all login then it will warn you.
232
232
233
-
2) You can turn on debug mode, when you are logging in and stepping through the MFA login flow if will show you the list of factors and how they have been resolved.
233
+
2) You can turn on debug mode, when you are logging in and stepping through the MFA login flow if will show you the list of factors and how they have been resolved. This is also shown on the MFA user settings page after you have logged in showing what combination was used for you session.
234
234
235
235
If you have inadvertantly messed things up and locked yourself out, you can disable the whole MFA plugin from the CLI:
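Review bot: The debug mode item describes showing "the list of factors and how they have been resolved" while stepping through the login flow, and the added sentence extends that to the user settings page, but nothing tells the admin to turn debug mode off again once setup is verified. Suggest adding that debug mode is for setup only, since it displays the factor configuration to whoever is in the login flow. The added text also has typos: "if will show you" should be "it will show you" and "for you session" should be "for your session"; the context line in item 1 reads "would never all login", presumably "never allow login".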