What is a one sentence summary of your feature request?
Require manual admin approval for newly onboarded users after TOTP setup before granting access to assigned password areas, to enhance security and control.
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Description:
Our users are synchronized via Active Directory and are automatically assigned to the appropriate password areas based on their group membership.
Request:
Upon first login, new users should be required to complete TOTP (Time-based One-Time Password) setup. However, immediately after TOTP activation, users should not be granted access to their assigned password areas automatically. Instead, access should remain blocked until manually approved by an administrator or an authorized colleague from the respective department.
Objective:
Increase security through an additional manual verification step during first-time access
Prevent unintended or unauthorized access despite technically correct group assignment
Improve control over the initial release of access to sensitive password areas
Possible Implementation:
Set the user’s access status to “Pending Approval” after TOTP setup
Notify administrators or authorized department users about pending access approvals
Grant access only after explicit confirmation by an authorized person
How do you currently solve the challenges you have by not having this feature?
Without this feature, there is a risk that newly onboarded users gain immediate access to sensitive password areas solely based on group membership, potentially leading to unauthorized access before proper verification—posing a significant security vulnerability.
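The "Possible Implementation" steps above can be sketched as a small state machine. This is an added example, not code from the product or from the original request. All class, field and method names are hypothetical, and two rules are assumptions beyond the request: users cannot approve themselves, and an approver must already be approved.

```python
from dataclasses import dataclass
from enum import Enum

class Status(Enum):
    TOTP_REQUIRED = "TOTP required"
    PENDING_APPROVAL = "Pending Approval"
    APPROVED = "Approved"

@dataclass
class User:
    name: str
    department: str
    areas: set                   # password areas assigned via synced AD groups
    is_admin: bool = False
    may_approve: bool = False    # "authorized colleague" flag (assumed model)
    status: Status = Status.TOTP_REQUIRED

class Onboarding:
    def __init__(self):
        self.notifications = []  # stand-in for a mail or ticket notification
        self.audit = []          # who released whom

    def _authorized(self, approver, user):
        # Assumptions: no self-approval; the approver must itself be released.
        if approver is user or approver.status is not Status.APPROVED:
            return False
        same_dept = approver.department == user.department
        return approver.is_admin or (approver.may_approve and same_dept)

    def complete_totp(self, user, candidates):
        """TOTP enrolment leads to Pending Approval, never straight to Approved."""
        if user.status is not Status.TOTP_REQUIRED:
            raise ValueError("TOTP already enrolled")
        user.status = Status.PENDING_APPROVAL
        for c in candidates:
            if self._authorized(c, user):
                self.notifications.append((c.name, user.name))

    def approve(self, approver, user):
        if user.status is not Status.PENDING_APPROVAL:
            raise ValueError("user is not pending approval")
        if not self._authorized(approver, user):
            raise PermissionError("approver not authorized for this user")
        user.status = Status.APPROVED
        self.audit.append((approver.name, user.name))

    def can_open(self, user, area):
        """Deny by default: group assignment alone does not grant access."""
        return user.status is Status.APPROVED and area in user.areas
```

The key property is in `can_open`: the area check and the approval status are evaluated together on every access, so a correct group assignment never grants access on its own.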