What is a one sentence summary of your feature request?
Using a second MFA Method when the first isn’t available, instead of resetting the whole MFA Method for the user
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
We’re using a Yubikey as a MFA method. But what happens when you loose your Yubikey or it happens to be not around you. We would like to use OpenOTP as a Fallback Method if this happens. Or any other MFA method available.
How do you currently solve the challenges you have by not having this feature?
Thanks for your suggestion! We’ve noted your idea of using a second MFA method as a fallback and will make sure the team takes a look at it. We’ll update you once we have more information on how we can move forward with this.
We do use TOTP as second factor and would be interested in a fallback as well.
One idea would be to allow admins to give users a one-time-use shortcut, instead of resetting to whole MFA.
For now we do work with a workaround - setting the IP of the users device on the IP Filter list via Admin Client and database settings. However, this is a bit time consuming to pull off and can only be done by database-admins.