
feat: show if user has 2fa or is federated user in api #3971

Merged
shreddedbacon merged 3 commits into main from user-2fa-sso-visibility
Sep 10, 2025

@shreddedbacon
Member

General Checklist

  • Affected Issues have been mentioned in the Closing issues section
  • Documentation has been written/updated
  • PR title is ready for inclusion in changelog

Database Migrations

  • If your PR contains a database migration, it MUST be the latest in date order alphabetically

Description

Currently the only way to check if a user has 2fa enabled is to log in to Keycloak as admin to check users individually. This is not ideal, as it can be time-consuming and requires users to log in to Keycloak directly, which we want to limit.

Another is detecting if a user is using an identity provider instead of direct user access.

This feature will now show if a user has 1 or more 2fa features enabled by setting a has2faEnabled flag on their account in the API. It currently can detect if a user is using totp or webauthn, but the flag is just a true|false.

The federated user check will also only detect if the user has any federated identities, and if so will flag the user as a federated user. This appears as isFederatedUser, which is also a true|false.

The UI could also be extended to display this status so organization owners can see which of their users have 2fa enabled, or which are federated users (SSO).

Example in organization users page: [image]
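As an added example (not code from this PR or from Lagoon), the sketch below derives the two flags from data shaped like the credential and federated-identity lists returned by Keycloak's Admin REST API, then lists the users an organization owner would want to follow up on. The set of credential types counted as 2fa, the function names and the sample users are assumptions constructed for illustration.

```javascript
// Assumption: Keycloak credential "type" values counted as a second factor.
// "otp" is the type Keycloak uses for TOTP; "webauthn" is its two-factor
// WebAuthn credential type. A "password" credential is never a second factor.
const SECOND_FACTOR_TYPES = new Set(["otp", "webauthn"]);

// credentials: array shaped like Keycloak's CredentialRepresentation.
// federatedIdentities: array shaped like FederatedIdentityRepresentation.
// Missing or malformed lists are treated as empty, so a lookup that returned
// nothing yields false flags instead of throwing.
function deriveFlags(credentials, federatedIdentities) {
  const creds = Array.isArray(credentials) ? credentials : [];
  const idps = Array.isArray(federatedIdentities) ? federatedIdentities : [];
  return {
    has2faEnabled: creds.some((c) => c && SECOND_FACTOR_TYPES.has(c.type)),
    isFederatedUser: idps.length > 0,
  };
}

// Users with neither flag set: no 2fa credential registered in Keycloak and
// no external identity provider that could be enforcing one.
function usersNeedingReview(users) {
  return users
    .map((u) => ({
      email: u.email,
      ...deriveFlags(u.credentials, u.federatedIdentities),
    }))
    .filter((u) => !u.has2faEnabled && !u.isFederatedUser)
    .map((u) => u.email);
}

// Constructed sample data, not taken from any real realm.
const sampleUsers = [
  { email: "alice@example.com",
    credentials: [{ type: "password" }, { type: "otp" }],
    federatedIdentities: [] },
  { email: "bob@example.com",
    credentials: [{ type: "password" }],
    federatedIdentities: [] },
  { email: "carol@example.com",
    credentials: [],
    federatedIdentities: [{ identityProvider: "example-idp", userId: "c-1", userName: "carol" }] },
  { email: "dave@example.com",
    credentials: [{ type: "password" }, { type: "webauthn" }],
    federatedIdentities: undefined },
];

console.log(usersNeedingReview(sampleUsers));
```

A federated user can show has2faEnabled as false while still using a second factor, because that factor is registered with the external identity provider and does not appear in Keycloak's credential list.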

@shreddedbacon changed the title from "feat: show is user has 2fa or is federated user in api" to "feat: show if user has 2fa or is federated user in api" Aug 24, 2025
@shreddedbacon force-pushed the user-2fa-sso-visibility branch from 8cf49c5 to b7bf3a7 August 24, 2025 22:16
@shreddedbacon marked this pull request as ready for review September 1, 2025 22:19
@shreddedbacon force-pushed the user-2fa-sso-visibility branch from b7bf3a7 to d79f349 September 9, 2025 03:09
Member

@rocketeerbkw left a comment

Discussed and approved.

@shreddedbacon merged commit a903205 into main Sep 10, 2025
1 check passed
@shreddedbacon deleted the user-2fa-sso-visibility branch September 10, 2025 00:36