MISP
/
misp-book
mirror of https://github.com/MISP/misp-book
2
0
Fork 0
Code Issues Releases Wiki Activity

[users:totp_delete] fix documentation to specify that both site admins and org admins can delete totp for users

pull/296/head
Jeroen Pinoy 2023-09-28 09:46:56 +02:00
parent 3ec79274ab
commit 6f6844015a
No known key found for this signature in database
GPG Key ID: DF33A50B8E4EE081
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
administration/README.md
View File

@ -892,7 +892,7 @@ If you do not have them installed yet, you can run the equivalent of the below c
You can see which users have TOTP/HOTP configured in the users index:
![Screenshot of users index page, with highlight showing the column which indicates a user has TOTP/HOTP configured](./figures/user-with-totp-active-in-users-index.png)
As a site-admin (users can't do this themselves), you can delete TOTP/HOTP for a user from the view user page, by clicking the TOTP Delete button.
As a site admin or org admin (users can't do this themselves), you can delete TOTP/HOTP for a user from the view user page, by clicking the TOTP Delete button.
![Screenshot of view user page with highlighted delete OTP button](./figures/delete-totp-button.png)
### Mandating TOTP/HOTP usage

2
using-the-system/README.md
View File

@ -692,6 +692,6 @@ After setting up TOTP/HOTP for your account, you will be prompted for an OTP on
![Screenshot of page requesting you to enter OTP after login](./figures/login-otp-request.png)
Enter either a generated TOTP from your authenticator software, or the specified (numbered) paper based token.
#### Deleting and re-generating TOTP/HOTP tokens
Deletion of the TOTP/HOTP setup for your user can only be done by a site admin, reach out to the site admins of your instance in case you want to set up new tokens.
Deletion of the TOTP/HOTP setup for your user can only be done by site admins and organisation admins. Reach out to your org admin (preferred), or alternatively to a site admin of your instance, in case you want to set up new tokens.
#### Combining multiple forms of multi-factor authentication
It is currently not possible to combine multiple forms of multi-factor authentication. As an example: once your user has TOTP/HOTP assigned, you can't use e-mail OTP for it. If you are using a system which has e-mail OTP set up as well, e-mail OTP will be used again when your TOTP/HOTP setup is deleted.