- Issue created by @Bhanu951
- 🇺🇸United States cmlara
Adding some context here for discussion. I'm not really firmly draw to this one way or the other at the moment.
Arguments for Error:
The account is required to have TFA but doesn't, this could be seen as the account in an 'error' condition.
The user will be locked out if they do not take action.
It requires administrative interaction to resolve the situation if a user fails to setup TFA when required.
We want users to see this and take action as soon as possible.
A logout could happen at any time.Arguments for Warning:
Nothing has failed yet, this is just a notice that the user needs to take action.
A user can continue until they are logged out which could be some time in the future.
✨ Force user to setup TFA when required and there are no remaining skips Needs work could reduce the risk the risk of a lockout/admin intervention reducing the need for the severity.