Jump to content

Resend Authenticator QR via API


parrishk

Recommended Posts

Hi parrishk,

 

Thanks for your request, but sorry there are no plans for this.

 

Sending a QR code should not need to be done all that often, which is why we have no plans to include it in the API. Honestly, we think through the UI would be just as fast, as you would need to modify your API Script each time you want to execute it.

Regards

Click Studios

Link to comment
Share on other sites

Hi,

 

While I can agree that this "should not need to be done all that often" it seems that is the case here. Typically, this is because of people switching phones.

 

That is why I think it would be beneficial to be able to use the API. Writing a custom Powershell function would allow us to simply specify the user needing reset without modifying the script each time.


Just a thought but if it is not on the roadmap then I will just have to use the GUI :-)

 

Thanks for getting back to me!

Link to comment
Share on other sites

In this vein, it would be nice for users to send themselves their QR code through some kind of password reset process. 
It's not a huge deal, however it's recently occured to us (before Christmas) that I had to reset my phone, and the other security admin was on holidays - meaning I had no access to passwordstate during this time.
If there was a method on the 2FA screen to say "Don't have access" and then carry out some other form of verification (Security question combined with SMS codes or email codes comes to the top of my head) it would be a huge help.

I agree with support that doing this programmatically via the API doesn't seem to be all that useful unless you are dealing with 10s of resets a day.
But perhaps a reset option like my suggestion above takes it out of the hands of administrators and into the hands of the users.

(I maybe going crazy, but I got deja-vu typing this. So if I've previously requested this ignore it lol)

Link to comment
Share on other sites

27 minutes ago, support said:

Thanks for your feedback. If you do lock yourself out again for any reason, you can use the Emergency Access Login to authenticate, and then reset or email yourself the QR code again.

Yeah I know. I could have logged in as our primary security administrator account as well, but both those methods require the CIO - who was on leave at the time as well. (since it was Christmas and all). 

Link to comment
Share on other sites

Hi Sarge,

 

Sure, that makes sense. It will take us quite some time to work on this request, and maybe in the meantime you could suggest the following process improvements to mitigate against this issue you had:
 

  • Your CIO always has a delegate
  • Your Change Advisory Board support 'Emergency Changes', if they don't already.


Regards

Click Studios

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...