website/docs: add missing docs for #2828

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-05-23 20:38:16 +02:00
parent b7979ad48e
commit 6460245d5e
2 changed files with 14 additions and 2 deletions

View File

@ -21,7 +21,15 @@ Using the `Not configured action`, you can choose what happens when a user does
By default, authenticator validation is required every time the flow containing this stage is executed. To only change this behavior, set _Last validation threshold_ to a non-zero value. (Requires authentik 2022.5) By default, authenticator validation is required every time the flow containing this stage is executed. To only change this behavior, set _Last validation threshold_ to a non-zero value. (Requires authentik 2022.5)
Keep in mind that when using Code-based devices (TOTP, Static and SMS), values lower than `seconds=30` cannot be used, as with the way TOTP devices are saved, there is no exact timestamp. Keep in mind that when using Code-based devices (TOTP, Static and SMS), values lower than `seconds=30` cannot be used, as with the way TOTP devices are saved, there is no exact timestamp.
## Passwordless authentication ### Less-frequent validation
:::info
Requires authentik 2022.5.1
:::
You can configure this stage to only ask for MFA validation if the user hasn't authenticated themselves within a defined time period. To configure this, set _Last validation threshold_ to any non-zero value. Any of the users devices within the selected classes are checked.
### Passwordless authentication
:::info :::info
Requires authentik 2021.12.4 Requires authentik 2021.12.4
@ -37,7 +45,7 @@ As final stage, bind a _User login_ stage.
Users can either access this flow directly via it's URL, or you can modify any Identification stage to add a direct link to this flow. Users can either access this flow directly via it's URL, or you can modify any Identification stage to add a direct link to this flow.
#### Logging ### Logging
Logins which used Passwordless authentication have the _auth_method_ context variable set to `auth_webauthn_pwl`, and the device used is saved in the arguments. Example: Logins which used Passwordless authentication have the _auth_method_ context variable set to `auth_webauthn_pwl`, and the device used is saved in the arguments. Example:

View File

@ -22,6 +22,10 @@ slug: "2022.5"
See [LDAP provider](../providers/ldap.md#cached-bind) See [LDAP provider](../providers/ldap.md#cached-bind)
- OAuth2: Add support for `form_post` response mode - OAuth2: Add support for `form_post` response mode
- Don't prompt users for MFA when they've authenticated themselves within a time period
You can now configure any [Authenticator Validation Stage](../flow/stages/authenticator_validate/index.md) stage to not ask for MFA validation if the user has previously authenticated themselves with an MFA device (of any of the selected classes) in the `Last validation threshold`.
- Optimise bundling of web assets - Optimise bundling of web assets
Previous versions had the entire frontend bundled in a single file (per interface). This has been revamped to produce smaller bundle sizes for each interface to improve the loading times. Previous versions had the entire frontend bundled in a single file (per interface). This has been revamped to produce smaller bundle sizes for each interface to improve the loading times.