Since 2.0, we have added the possibility to upgrade a session if the authentication level is not enough when accessing an application.
Now I would like to require a 2FA when accessing an application. We can't really use authentication level here as I need to require the 2FA for several applications, even if we already used the 2FA on a first one.
I was thinking of creating a new Handler type "2FA" that will require the 2FA. We need these configuration settings:
- 2FA type (TOTP, U2F, REST...)
- Skip if OTP received within X minutes
- Condition to bypass MFA or to Require MFA
The question is how to play the MFA? The best would be to redirect the user to the portal, but in a different process than the authentication process; it is just an MFA request.