davift opened a new issue, #13335:
URL: https://github.com/apache/cloudstack/issues/13335

   ### The required feature described as a wish
   
   **Description:** The "Tyranny of Default" principle recommends enabling the 
global setting `mandate.user.2fa` from the start. Security can always be 
downgraded later, but most users will simply accept whatever defaults they are 
given. If `mandate.user.2fa` is not set, 2FA remains ineffective even for those 
users who have already enrolled.
   
   **Affected Components:** Management UI
   
   **Impact:** Without mandatory enforcement, users may choose not to enroll in 
2FA. In environments with regulatory or compliance requirements (e.g., PCI-DSS, 
SOC 2), the absence of enforced MFA may constitute a compliance gap.
   
   **Steps to Reproduce:**
   - Log in to the CloudStack Management UI as a Root Admin.
   - Navigate to Configuration > Global Settings.
   - Search for `mandate.user.2fa` and confirm the value is False.
   - Create a new user account at any permission level.
   - Log in as that user and confirm that access is granted without any 2FA 
prompt.
   
   **Recommended Remediation:** Set `mandate.user.2fa` to True by default. 
Users will be naturally guided to set up 2FA at first login without friction, 
and the first impression of the ACS project will reflect a stronger security 
posture.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
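The reproduction steps above check the setting through the Management UI. The script below is an added example (not part of the issue or of the CloudStack project) that performs the same audit against the CloudStack API and, optionally, applies the recommended remediation. It assumes the standard CloudStack request-signing scheme (parameters sorted and URL-encoded, the whole query lower-cased, HMAC-SHA1 with the account's secret key, base64) and the `listConfigurations` / `updateConfiguration` API commands; `ENDPOINT`, `API_KEY` and `SECRET_KEY` are placeholders the operator must supply, and `SAMPLE_RESPONSE` is a constructed response used so the parsing runs offline.

```python
"""Audit and enforce the CloudStack global setting mandate.user.2fa via the API.

Added example, not code from the issue or the CloudStack project. Assumes the
CloudStack API signing scheme (sorted, URL-encoded, lower-cased query string
signed with HMAC-SHA1 and base64-encoded) and the listConfigurations /
updateConfiguration commands. The three constants below are placeholders.
"""
import base64
import hashlib
import hmac
import json
import urllib.parse
import urllib.request
from typing import Optional

ENDPOINT = "https://cloudstack.example.com/client/api"  # placeholder
API_KEY = "replace-with-api-key"                        # placeholder
SECRET_KEY = "replace-with-secret-key"                  # placeholder
SETTING = "mandate.user.2fa"


def canonical_query(params: dict) -> str:
    """Query string in signing form: keys lower-cased and sorted, values URL-encoded."""
    items = sorted((k.lower(), v) for k, v in params.items())
    return "&".join(
        f"{k}={urllib.parse.quote(str(v), safe='*').replace('+', '%20')}"
        for k, v in items
    )


def sign(params: dict, secret: str) -> str:
    """HMAC-SHA1 over the lower-cased canonical query, base64-encoded (28 chars)."""
    msg = canonical_query(params).lower().encode()
    digest = hmac.new(secret.encode(), msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def build_url(command: str, extra: dict) -> str:
    """Full signed request URL for one API command."""
    params = {"command": command, "apikey": API_KEY, "response": "json", **extra}
    signature = urllib.parse.quote(sign(params, SECRET_KEY), safe="")
    return f"{ENDPOINT}?{canonical_query(params)}&signature={signature}"


def setting_value(response: dict) -> Optional[str]:
    """Pull the value of SETTING out of a listConfigurations JSON response."""
    body = response.get("listconfigurationsresponse", response)
    for cfg in body.get("configuration", []):
        if cfg.get("name") == SETTING:
            return str(cfg.get("value"))
    return None  # setting absent from the response


def is_enforced(response: dict) -> bool:
    """True only when the setting is present and set to true."""
    return (setting_value(response) or "").lower() == "true"


def call(url: str) -> dict:
    """Perform one API request and decode the JSON body (network access)."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def audit_and_enforce(fix: bool = False) -> bool:
    """Report whether 2FA is mandated; with fix=True, set it and re-check."""
    current = call(build_url("listConfigurations", {"name": SETTING}))
    if is_enforced(current):
        return True
    if fix:
        call(build_url("updateConfiguration", {"name": SETTING, "value": "true"}))
        return is_enforced(call(build_url("listConfigurations", {"name": SETTING})))
    return False


# Constructed sample of what listConfigurations returns while 2FA is not mandated.
SAMPLE_RESPONSE = {
    "listconfigurationsresponse": {
        "count": 1,
        "configuration": [{"category": "Advanced", "name": SETTING, "value": "false"}],
    }
}

if __name__ == "__main__":
    print("2FA mandated in sample response:", is_enforced(SAMPLE_RESPONSE))
    # Against a live management server, with real credentials:
    # print("2FA mandated:", audit_and_enforce(fix=False))
```

Run it with `fix=False` first to audit; `updateConfiguration` on a global setting needs Root Admin credentials, and a value that the listing later reports as anything other than `true` (including an absent entry) is treated as not enforced.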
