Allow setting a grace period when forcing 2FA
|Assignee:||Marius BALTEANU||% Done:|
|Category:||Accounts / authentication|
On top of #31920 and #35439 which will allow to enable 2FA for certain groups or for administrators, we should add an option in admin to configure a grace period until the 2FA enforcement applies to all users.
In the grace period, the user should be redirected to the 2FA activation page after each successful login and informed about the enforcement, but with the option to skip the activation until enforcement date.
From my point of view, the simplest way is to add a new setting "Enforcement starting from" where the admin can choose the date.
Also, for new registered users, a similar grace period should be configurable, but in number of days.
Any feedback is welcome.
@Plan.io team, I have added you as watchers because the current implementation was provided by you and your feedback is important on all those issues related to 2FA.