Create a helpdesk role which would be able to manage otp tokens
Use case:
Actual results: Insufficient access
Expected results: User member of helpdesk role should be able to manage user token
Note: Consider security implication of such role described at: http://www.freeipa.org/page/V4/OTP#Helpdesk I.e. such role needs to be carefully designed so as not to permit helpdesk privilege escalation.
Metadata Update from @pvoborni: - Issue assigned to someone - Issue set to the milestone: Future Releases
I would expect that the helpdesk role could at least: - check if an OTP token exists for a user ("You can't log in because you haven't set up 2FA") - delete the token on the user's behalf ("I lost my phone")
OTP tokens managed by group would also be useful
Metadata Update from @pcech: - Custom field affects_doc adjusted to on - Custom field knownissue adjusted to on - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.