Trying to enforce 2FA for a main group, as well as all sub groups.
This since we need it enabled at all levels from top to lower, without anyone changing it.
I read and followed the
- Require all users in this group to setup two-factor authentication
and ensured this one was not ticked
- Allow subgroups to set up their own two-factor authentication rules
In my understanding this would force the users in all groups, and sub groups under this main group, to have to use 2FA.
But I have two confusions…
If you add additional members to a project within a group or subgroup that has 2FA enabled, 2FA is not required for those individually added members.
Projects belonging to a 2FA-enabled group that is shared with a 2FA-disabled group will not require members of the 2FA-disabled group to use 2FA for the project. For example, if project P belongs to 2FA-enabled group A and is shared with 2FA-disabled group B, members of group B can access project P without 2FA. To ensure this scenario doesn’t occur, prevent sharing of projects for the 2FA-enabled group.
Would anyone be able to shed some lights on this
Thanks in advance