From 6460245d5eae227c4c6f09407896e14e5070849c Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 23 May 2022 20:38:16 +0200 Subject: [PATCH] website/docs: add missing docs for #2828 Signed-off-by: Jens Langhammer --- .../docs/flow/stages/authenticator_validate/index.md | 12 ++++++++++-- website/docs/releases/v2022.5.md | 4 ++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/website/docs/flow/stages/authenticator_validate/index.md b/website/docs/flow/stages/authenticator_validate/index.md index c274e68d1..77985a62a 100644 --- a/website/docs/flow/stages/authenticator_validate/index.md +++ b/website/docs/flow/stages/authenticator_validate/index.md @@ -21,7 +21,15 @@ Using the `Not configured action`, you can choose what happens when a user does By default, authenticator validation is required every time the flow containing this stage is executed. To only change this behavior, set _Last validation threshold_ to a non-zero value. (Requires authentik 2022.5) Keep in mind that when using Code-based devices (TOTP, Static and SMS), values lower than `seconds=30` cannot be used, as with the way TOTP devices are saved, there is no exact timestamp. -## Passwordless authentication +### Less-frequent validation + +:::info +Requires authentik 2022.5.1 +::: + +You can configure this stage to only ask for MFA validation if the user hasn't authenticated themselves within a defined time period. To configure this, set _Last validation threshold_ to any non-zero value. Any of the users devices within the selected classes are checked. + +### Passwordless authentication :::info Requires authentik 2021.12.4 
@@ -37,7 +45,7 @@ As final stage, bind a _User login_ stage. Users can either access this flow directly via it's URL, or you can modify any Identification stage to add a direct link to this flow. -#### Logging +### Logging Logins which used Passwordless authentication have the _auth_method_ context variable set to `auth_webauthn_pwl`, and the device used is saved in the arguments. Example: diff --git a/website/docs/releases/v2022.5.md b/website/docs/releases/v2022.5.md index 068b65b5f..53c79e574 100644 --- a/website/docs/releases/v2022.5.md +++ b/website/docs/releases/v2022.5.md @@ -22,6 +22,10 @@ slug: "2022.5" See [LDAP provider](../providers/ldap.md#cached-bind) - OAuth2: Add support for `form_post` response mode +- Don't prompt users for MFA when they've authenticated themselves within a time period + + You can now configure any [Authenticator Validation Stage](../flow/stages/authenticator_validate/index.md) stage to not ask for MFA validation if the user has previously authenticated themselves with an MFA device (of any of the selected classes) in the `Last validation threshold`. + - Optimise bundling of web assets Previous versions had the entire frontend bundled in a single file (per interface). This has been revamped to produce smaller bundle sizes for each interface to improve the loading times.
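Review bot: In the first hunk of authenticator_validate/index.md, the added info block says `Requires authentik 2022.5.1`, but the unchanged paragraph directly above it says `(Requires authentik 2022.5)` for the same _Last validation threshold_ setting. Pick one version and state it once. The new "Less-frequent validation" section also restates that paragraph, so consider merging the two so that the `seconds=30` limit for code-based devices sits next to the description of the threshold. In the last added sentence, `users devices` should be `user's devices`.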
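Review bot: In the second hunk of authenticator_validate/index.md, promoting `#### Logging` to `### Logging` puts it at the same level as `### Passwordless authentication` (itself demoted from `##` in the previous hunk), although the paragraph under it only covers logins that used Passwordless authentication. Keep Logging one level below the passwordless heading, or rename it, so a reader does not take it as logging for the whole stage. In the context line of the same hunk, `via it's URL` should be `via its URL`.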
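Review bot: In the v2022.5.md hunk, the added description has the link text "Authenticator Validation Stage" followed directly by the word "stage", which doubles the word, and the sentence ends with "in the `Last validation threshold`" where "within the configured `Last validation threshold`" would read correctly. The entry is filed under the 2022.5 release notes while the info block added to the stage page in this same patch says 2022.5.1, so the two should agree. It would also help to say here, as the stage page does, that the default still requires validation on every flow execution.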