habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

website/docs: add missing docs for #2828

Browse Source 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
2022-05-23 20:38:16 +02:00
parent b7979ad48e
commit 6460245d5e
2 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
website/docs/flow/stages/authenticator_validate/index.md
View File

@ -21,7 +21,15 @@ Using the `Not configured action`, you can choose what happens when a user does
By default, authenticator validation is required every time the flow containing this stage is executed. To only change this behavior, set _Last validation threshold_ to a non-zero value. (Requires authentik 2022.5)
Keep in mind that when using Code-based devices (TOTP, Static and SMS), values lower than `seconds=30` cannot be used, as with the way TOTP devices are saved, there is no exact timestamp.
## Passwordless authentication
### Less-frequent validation
:::info
Requires authentik 2022.5.1
:::
You can configure this stage to only ask for MFA validation if the user hasn't authenticated themselves within a defined time period. To configure this, set _Last validation threshold_ to any non-zero value. Any of the users devices within the selected classes are checked.
### Passwordless authentication
:::info
Requires authentik 2021.12.4
@ -37,7 +45,7 @@ As final stage, bind a _User login_ stage.
Users can either access this flow directly via it's URL, or you can modify any Identification stage to add a direct link to this flow.
#### Logging
### Logging
Logins which used Passwordless authentication have the _auth_method_ context variable set to `auth_webauthn_pwl`, and the device used is saved in the arguments. Example:

4
website/docs/releases/v2022.5.md
View File

@ -22,6 +22,10 @@ slug: "2022.5"
See [LDAP provider](../providers/ldap.md#cached-bind)
- OAuth2: Add support for `form_post` response mode
- Don't prompt users for MFA when they've authenticated themselves within a time period
You can now configure any [Authenticator Validation Stage](../flow/stages/authenticator_validate/index.md) stage to not ask for MFA validation if the user has previously authenticated themselves with an MFA device (of any of the selected classes) in the `Last validation threshold`.
- Optimise bundling of web assets
Previous versions had the entire frontend bundled in a single file (per interface). This has been revamped to produce smaller bundle sizes for each interface to improve the loading times.