Re: enable 2fa for UAA zone

Dan Beneke

Hi CG - 

The 2FA/MFA feature still exist in the most recent versions of UAA, but Dr. Nic is correct in suggesting that our intent is to remove it.  We see the UAA more frequently used as an identity proxy than as an IdP, and often the IdP feature is used to store service accounts over actual human users that would be able to interact with 2FA/MFA flows.  The predominance of this usage pattern has led us to consider viewing UAA on a path to become a stronger identity proxy tool wherein the user brings their own identity (IdP).  This suggests 2FA/MFA features would/could be applied to the external IdP and not to the UAA itself as it would only be acting as a proxy.

Dan Beneke

On Sat, Feb 1, 2020 at 7:23 PM JohnG via Lists.Cloudfoundry.Org <> wrote:
>I think the UAA team deprecated or removed 2FA/MFA features.

Not sure I am following the "why",  to remove 2FA for UAA zone?

Any documentation pointing to that would be much appreciated.

Thanks Dr Nic!

Join to automatically receive all group messages.