Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-78509

Add Multi-factor authentication (MFA) plugin

    XMLWordPrintable

Details

    • MOODLE_403_STABLE
    • MOODLE_403_STABLE
    • MDL-78509-master
    • Hide

      Test are also covered by unittest

      Prerequisites

      1. Apply the patch
      2. Do the upgrade processes until finished
        1. You can enable the mfa plugin at the end of the upgrade process or
        2. You can enable the mfa plugin by going to the Site admin > plugins > admin tools 
      3. Go to Site admin > plugin > plugin overview
        1. Verify that Multi-factor authentication exists.
        2. Verify that Multi-factor authentication / factor exists with its 12 factors listed
        3. Verify that you do not see SMS, Security Questions and Login Banner factors
        4. Verify that WebAuthn exists in Site admin > Development > Third party libraries

      Testing

      In this part will be testing each factor along with setting up the configuration.

      Warning: If you have inadvertantly messed things up and locked yourself out, you can disable the whole MFA plugin from the CLI:

      php admin/cli/cfg.php --component=tool_mfa --name=enabled --set=0

      Note: Please use two different browsers for testing otherwise you will be locked by a specific factor

      1. One is for the configuration called "Site admin"
      2. The second second browser is for testing called "Testing".

      1. Authentication type factor test

      1. Go to Site admin > plugins > admin tools > Multi-factor authentication
      2. Enable the Authentication type factor and click on the factor's Settings
      3. You will see three options in Factor authentication types that are disabled by default and when it is enabled it means that those types of accounts can login, so if you disable all of them or just any of them the associated account will not be able to authenticate.
        1. Please disable the Manual accounts and go to "Testing" browser and login.
        2. Verify that you are unable to authenticate.
        3. Enable the Manual accounts again
        4. Verify that you can login

      2. User capability factor test

      1. Go to Site admin > plugins > admin tools
      2. Enable the User capability factor and click on the factor's Settings
      3. Enable Site admins can pass this factor if it's not enabled yet
      4. Go to "Testing" browser and login as an admin
      5. Verify that you can pass the factor
      6. Go back to "Site admin" and disable the Site admins can pass this factor
      7. Go back to "Testing" browser and login as an admin
      8. Verify that you are unable to authenticate.

      3. Cohort factor test

      1. In "Site admin" browser go to Site admin > Users > Cohorts
      2. Click on Add new cohort to add new cohort
      3. Assign some users like admin and s1
      4. Go to Site admin > plugins > admin tools
      5. Enable the Cohort factor and click on the factor's Settings
      6. Do not select the created cohort yet
      7. Go to "Testing" browser and try to login
      8. Verify that you can still login with the users that have been assigned to the cohort
      9. Back to "Site admin" browser select the created cohort in cohort factor setting page then save it
      10. Back to "Testing" browser and login with the assigned user in cohort
      11. Verify that you are unable to authenticate.

      4. E-Mail factor test

      1. Make sure you have mail server installed like Mailpit and run
      2. Go to Site admin > Server > Outgoing mail configuration
      3. Set the SMTP hosts to "0.0.0.0:1025"
      4. Set the No-reply address to an email then save it
      5. Go to Site admin > plugins > admin tools
      6. Enable the E-mail factor and click on the factor's Settings
      7. Change the Validity duration to 10 seconds then save it
      8. Go to "Testing" browser then login with any users but admin
      9. "Verify that you are taken to a page that requires you to enter the verification code
      10. Enable your Mailpit through "http://localhost:8025/"
      11. Look for the latest email, get the verification code in the email then enter the code in the verification code input
      12. "Verify" that you can pass the factor and taken to home page
      13. Logout then login again, but this time you need to wait until the time you set for Validity duration in email factor's settings expired
      14. Go to Mailpit and look for the latest email, get the code and enter the code
      15. Verify that you cannot login due to the code being expired and you have some trials left
      16. Try to use that old code until the trials finished
      17. Try to get a new code by logging in again
      18. Verify that you have been locked out by the factor and cannot authenticate anymore

      5. Grace period factor test

      1. Go to Site admin > plugins > admin tools
      2. Enable the Grace period and click on the factor's Settings
      3. Set the Grace period to 1 minutes then save
      4. Go to "Testing" browser then login with any users
      5. Verify that you get a warning that says "Your grace period expires in n secs."
      6. Logout then wait until the grace period ended, then login again
      7. Verify that you have been blocked by the factor unless you set another authentication factor to pass the grace factor
      8. Go back to "Site admin" browser then go to Site admin > Admin tools Multi-factor authentication
      9. Click on Reset user authentication factors link to reset any blocked users
      10. Make sure you select Grace period" for Select factor to reset
      11. Enter the username you want to unblock then click on the Reset user factor button
      12. Go to grace factor setting again
      13. Enable the Force factor setup then save it
      14. Go back to "Testing" browser then login with any users
      15. Verify that you are taken to "Multi-factor authentication preferences" page and you see a message "You must complete setup for Multi-factor authentication before you can proceed."

      6. Role factor test

      For teachers, students, managers and others other than admin, you need to create a course and assign them

      1. Go to Site admin > plugins > admin tools
      2. Enable the Role factor and click on the factor's Settings
      3. Block any user levels by selecting them in Non-passing roles like student and click save
      4. Go to "Testing" browser and login with a student level
      5. Verify that you are unable to authenticate.

      7. TOTP factor test (Authenticator app) - Only applied to Admins

      1. Go to Site admin > plugins > admin tools
      2. Enable the Authenticator app factor and just leave the default Settings
      3. Still in "Site admin" browser, click on user profile picture in header, the click on Preferences
      4. Click on Multi-factor authentication preferences in User account block
      5. Look for Authenticator app block under Available factors the click on the Setup App button
        1. Set Device label to any names (This field is required)
        2. Scan the QR code displayed in that page using any authenticator app
        3. Once it's added, you will get code from the app
        4. Enter the code from the app in Enter verification code for confirmation then save changes
      6. Go to "Testing" browser and login as admin
      7. Verify that you are taken to a page where you need to enter the code from the authenticator app and enter the code in Enter verification code for confirmation
      8. Verify that once the code is entered, you are taken straight to home page without pressing the Verify code button

      8. WebAuthn factor test (Security key) - Only applied to Admins

      1. Go to Site admin > plugins > admin tools
      2. Enable the Security key factor and just leave the default Settings
      3. Still in "Site admin" browser, click on user profile picture in header, the click on Preferences
      4. Click on Multi-factor authentication preferences in User account block
      5. Look for Security key block under Available factors the click on the Setup authenticator button
        1. Set Security key Name to any names (This field is required)
        2. Click on Register autheticator and you will be ask to choose the authentication device
        3. You can choose any or finger print if you have that in your machine then Save changes
      6. Go to "Testing" browser, then login as admin user
      7. Verify that you are taken to a page where you will authenticate using the WebAuthn
      8. Click on Verify authenticator button then follow the same steps when you registered the authenticator
      9. Verify that once the authentication succeed, you are taken to the home page

      9. Non-administrator factor test

      1. Go to Site admin > plugins > admin tools
      2. Enable the Non-administrator factor and just leave the default Settings
      3. Go to "Testing" browser and login as admin
      4. Verify that you are not able to authenticate then click logout button
      5. Login again but this time with non admin users
      6. Verify that you can login with no authentication

      10. No other factors factor test

      1. Go to Site admin > plugins > admin tools
      2. Enable the No other factors factor and just leave the default Settings
      3. Go to "Testing" browser and with any users
      4. Verify that you can login with no authentication

      11. Trust this device factor test - It has to go with a single authenticator factor so for this test just use the authenticator app

      1. Go to Site admin > plugins > admin tools
      2. Enable the Trust this device and Authenticator app factors and just leave the default Settings
      3. Make sure you have set Authenticator app for admin user
      4. Go to "Testing" browser and login as admin
      5. Verify that you are taken to a page that requires you to enter code from the authenticator app
      6. Enter the code in Enter verification code for confirmation
      7. Make sure that Trust this device is enabled so next time you don't need to get the code from the authenticator app
      8. Press Verify code if the authentication is not processed directly.
      9. Once logged in, logout then login again
      10. Verify that when you press the "I don't have my device" and not putting any code, you still can authenticate and login

      12. IP range factor test

      Prerequisites for Mac users only

      1. Make sure you are connected to a same network and so is the other devices that will be used to test.
      2. Get the IP address of your Mac in which the Moodle instance is running
        1. Go to System preference > Wi-Fi
        2. Click on "Details" of the connected network and note down the IP address
      3. Open the config.php file in your Moodle instance root then replace the "http://localhost_" of "$CFG->wwwroot_" with your IP, which will look something like:

        $CFG->wwwroot = 'http://YOUR_IP/SITE_NAME';

      For non Mac users who use ngrok or other tunneling servers, you just need to set it up then continue to testing

      Testing

      1. Go to Site admin > plugins > admin tools
      2. Enable IP range factor and click on the factor's Settings
      3. If your IP is not in the Safe IP ranges yet, you will need to enter it:
        1. Verify that you see a warning message of "Your IP (YOUR_CURRENT_IP) is not in the list and you will not pass this factor."
        2. Get the IP in the warning message and set it in Safe IP ranges
        3. (Mac only)To make all the IPs covered, you need to put like "192.168.1.0/24" based on your IP
        4. Save changes
      4. Go to "Testing" browser and login with an admin user
        1. Remember to use the IP address from the $CFG->wwwroot 
      5. Verify that you should be able to authenticate and login
      6. Go back to "Site admin" browser
      7. Go to Site admin > plugins > admin tools
      8. Click on IP range factor Settings
      9. Delete your IP address from the list in Safe IP ranges then save changes
      10. Go back to "Testing" browser and login with an admin user
      11. Verify that you are not able to authenticate

      13. Test factor weight

      This test will cover the use of different weights in multiple enabled factors.

      1. Enable Non-administration, WebAuthn and Authenticator app factors
      2. Make sure the weights are all 100 in each of the factor
      3. Go to "Testing" browser and login as student
      4. Verify that you are able to authenticate and login
      5. Go back to "Site admin", change the weight for the Non-administration factor to 50 then save it
      6. Go back to "Testing" browser then login as student again
      7. Verify that are not able to authenticate to login

      14. Test using site policy with email factor

      1. Go to Site Administration > Users > Privacy and policies > Policy settings
      2. Select Policies (tool_policy) in _Site policy handler and Save changes
      3. Go to Site Administration > Users > Privacy and policies > Manage policies
      4. Click on Create new policy then input all the required fields
      5. Set Active in Policy status then Save
      6. Continue with #4 E-Mail factor test
      7. Verify all went well
      Show
      Test are also covered by unittest Prerequisites Apply the patch Do the upgrade processes until finished You can enable the mfa plugin at the end of the upgrade process or You can enable the mfa plugin by going to the Site admin > plugins > admin tools  Go to Site admin > plugin > plugin overview Verify that Multi-factor authentication exists. Verify that Multi-factor authentication / factor exists with its 12 factors listed Verify that you do not see SMS, Security Questions and Login Banner factors Verify that WebAuthn exists in Site admin > Development > Third party libraries Testing In this part will be testing each factor along with setting up the configuration. Warning : If you have inadvertantly messed things up and locked yourself out, you can disable the whole MFA plugin from the CLI : php admin/cli/cfg.php --component=tool_mfa --name=enabled --set=0 Note : Please use two different browsers for testing otherwise you will be locked by a specific factor One is for the configuration called "Site admin" The second second browser is for testing called "Testing". 1. Authentication type factor test Go to Site admin > plugins > admin tools > Multi-factor authentication Enable the Authentication type factor and click on the factor's Settings You will see three options in Factor authentication types that are disabled by default and when it is enabled it means that those types of accounts can login, so if you disable all of them or just any of them the associated account will not be able to authenticate. Please disable the Manual accounts and go to "Testing" browser and login. Verify that you are unable to authenticate. Enable the Manual accounts again Verify that you can login 2. User capability factor test Go to Site admin > plugins > admin tools Enable the User capability factor and click on the factor's Settings Enable Site admins can pass this factor if it's not enabled yet Go to "Testing" browser and login as an admin Verify that you can pass the factor Go back to "Site admin" and disable the Site admins can pass this factor Go back to "Testing" browser and login as an admin Verify that you are unable to authenticate. 3. Cohort factor test In "Site admin" browser go to Site admin > Users > Cohorts Click on Add new cohort to add new cohort Assign some users like admin and s1 Go to Site admin > plugins > admin tools Enable the Cohort factor and click on the factor's Settings Do not select the created cohort yet Go to "Testing" browser and try to login Verify that you can still login with the users that have been assigned to the cohort Back to "Site admin" browser select the created cohort in cohort factor setting page then save it Back to "Testing" browser and login with the assigned user in cohort Verify that you are unable to authenticate. 4. E-Mail factor test Make sure you have mail server installed like Mailpit and run Go to Site admin > Server > Outgoing mail configuration Set the SMTP hosts to "0.0.0.0:1025" Set the No-reply address to an email then save it Go to Site admin > plugins > admin tools Enable the E-mail factor and click on the factor's Settings Change the Validity duration to 10 seconds then save it Go to "Testing" browser then login with any users but admin "Verify that you are taken to a page that requires you to enter the verification code Enable your Mailpit through "http://localhost:8025/" Look for the latest email, get the verification code in the email then enter the code in the verification code input "Verify" that you can pass the factor and taken to home page Logout then login again, but this time you need to wait until the time you set for Validity duration in email factor's settings expired Go to Mailpit and look for the latest email, get the code and enter the code Verify that you cannot login due to the code being expired and you have some trials left Try to use that old code until the trials finished Try to get a new code by logging in again Verify that you have been locked out by the factor and cannot authenticate anymore 5. Grace period factor test Go to Site admin > plugins > admin tools Enable the Grace period and click on the factor's Settings Set the Grace period to 1 minutes then save Go to "Testing" browser then login with any users Verify that you get a warning that says "Your grace period expires in n secs." Logout then wait until the grace period ended, then login again Verify that you have been blocked by the factor unless you set another authentication factor to pass the grace factor Go back to "Site admin" browser then go to Site admin > Admin tools Multi-factor authentication Click on Reset user authentication factors link to reset any blocked users Make sure you select Grace period" for Select factor to reset Enter the username you want to unblock then click on the Reset user factor button Go to grace factor setting again Enable the Force factor setup then save it Go back to "Testing" browser then login with any users Verify that you are taken to "Multi-factor authentication preferences" page and you see a message "You must complete setup for Multi-factor authentication before you can proceed." 6. Role factor test For teachers, students, managers and others other than admin, you need to create a course and assign them Go to Site admin > plugins > admin tools Enable the Role factor and click on the factor's Settings Block any user levels by selecting them in Non-passing roles like student and click save Go to "Testing" browser and login with a student level Verify that you are unable to authenticate. 7. TOTP factor test (Authenticator app) - Only applied to Admins Go to Site admin > plugins > admin tools Enable the Authenticator app factor and just leave the default Settings Still in "Site admin" browser, click on user profile picture in header, the click on Preferences Click on Multi-factor authentication preferences in User account block Look for Authenticator app block under Available factors the click on the Setup App button Set Device label to any names (This field is required) Scan the QR code displayed in that page using any authenticator app Once it's added, you will get code from the app Enter the code from the app in Enter verification code for confirmation then save changes Go to "Testing" browser and login as admin Verify that you are taken to a page where you need to enter the code from the authenticator app and enter the code in Enter verification code for confirmation Verify that once the code is entered, you are taken straight to home page without pressing the Verify code button 8. WebAuthn factor test (Security key) - Only applied to Admins Go to Site admin > plugins > admin tools Enable the Security key factor and just leave the default Settings Still in "Site admin" browser, click on user profile picture in header, the click on Preferences Click on Multi-factor authentication preferences in User account block Look for Security key block under Available factors the click on the Setup authenticator button Set Security key  Name to any names (This field is required) Click on Register autheticator and you will be ask to choose the authentication device You can choose any or finger print if you have that in your machine then Save changes Go to "Testing" browser, then login as admin user Verify that you are taken to a page where you will authenticate using the WebAuthn Click on Verify authenticator button then follow the same steps when you registered the authenticator Verify that once the authentication succeed, you are taken to the home page 9. Non-administrator factor test Go to Site admin > plugins > admin tools Enable the Non-administrator factor and just leave the default Settings Go to "Testing" browser and login as admin Verify that you are not able to authenticate then click logout button Login again but this time with non admin users Verify that you can login with no authentication 10. No other factors factor test Go to Site admin > plugins > admin tools Enable the No other factors factor and just leave the default Settings Go to "Testing" browser and with any users Verify that you can login with no authentication 11. Trust this device factor test - It has to go with a single authenticator factor so for this test just use the authenticator app Go to Site admin > plugins > admin tools Enable the Trust this device and Authenticator app factors and just leave the default Settings Make sure you have set Authenticator app for admin user Go to "Testing" browser and login as admin Verify that you are taken to a page that requires you to enter code from the authenticator app Enter the code in Enter verification code for confirmation Make sure that Trust this device is enabled so next time you don't need to get the code from the authenticator app Press Verify code if the authentication is not processed directly. Once logged in, logout then login again Verify that when you press the " I don't have my device " and not putting any code, you still can authenticate and login 12. IP range factor test Prerequisites for Mac users only Make sure you are connected to a same network and so is the other devices that will be used to test. Get the IP address of your Mac in which the Moodle instance is running Go to System preference > Wi-Fi Click on "Details" of the connected network and note down the IP address Open the config.php file in your Moodle instance root then replace the " http://localhost_ " of " $CFG->wwwroot_" with your IP, which will look something like: $CFG ->wwwroot = 'http://YOUR_IP/SITE_NAME' ; For non Mac users who use ngrok or other tunneling servers, you just need to set it up then continue to testing Testing Go to Site admin > plugins > admin tools Enable IP range factor and click on the factor's Settings If your IP is not in the Safe IP ranges yet, you will need to enter it: Verify that you see a warning message of "Your IP (YOUR_CURRENT_IP) is not in the list and you will not pass this factor." Get the IP in the warning message and set it in Safe IP ranges (Mac only) To make all the IPs covered, you need to put like "192.168.1.0/24" based on your IP Save changes Go to "Testing" browser and login with an admin user Remember to use the IP address from the $CFG->wwwroot  Verify that you should be able to authenticate and login Go back to "Site admin" browser Go to Site admin > plugins > admin tools Click on IP range factor Settings Delete your IP address from the list in Safe IP ranges then save changes Go back to "Testing" browser and login with an admin user Verify that you are not able to authenticate 13. Test factor weight This test will cover the use of different weights in multiple enabled factors. Enable Non-administration , WebAuthn and Authenticator app factors Make sure the weights are all 100 in each of the factor Go to "Testing" browser and login as student Verify that you are able to authenticate and login Go back to "Site admin", change the weight for the Non-administration factor to 50 then save it Go back to "Testing" browser then login as student again Verify that are not able to authenticate to login 14. Test using site policy with email factor Go to Site Administration > Users > Privacy and policies > Policy settings Select Policies (tool_policy) in _Site policy handler and Save changes Go to Site Administration > Users > Privacy and policies > Manage policies Click on Create new policy then input all the required fields Set Active in Policy status then Save Continue with #4 E-Mail factor test Verify all went well
    • 10
    • Team Hedgehog 2023 Sprint 2.3, Team Hedgehog 2023 Review 2, Team Hedgehog 2023 Sprint 3.1

    Description

      Add the existing tool_mfa (https://github.com/catalyst/moodle-tool_mfa) into Moodle core. This is not a Moodle authentication plugin. It leverages API's to enable plugins to augment the login process instead of replacing it. This means that this MFA plugin can be added on top of any other authentication plugin resulting in a much cleaner architecture, and it means you can compose a solution that does everything you need instead of compromising by swapping out the entire login flow. Meaning this can still work with existing SSO flows for example.

      The first step will be to rectify any remaining issues identified in MDL-78387 As outlined in this report

      For a first pass we will not be including the following factors:

      • SMS - This relies on another plugin, that basically adds the AWS SDK. There will be a seperate issue relating to this.
      • Security Questions - This is currently out of scope as it relies on another plugin that is not core.
      • Login Banner - This is a cool feature (see: login banner factor) However, this does not belong here. We should extend/modify/fix tool_policy to support this.

      The WebAuthn (hardware token) factor uses a 3rd party library for webAuthn support. As part of this issue, this library should be moved out of tool_mfa and into the core 3rd party libs. This will make it easier for others to use it, and will help with tasks like making a first factor login method for hardware tokens (MDL-76125)

      Apart from the above tasks the aim is to include tool_mfa "as is" into Moodle LMS. Then iterate on it once the initial functionality is available.

      While we are working on this it will be a good idea to bring the plugin in with its existing git history and to have separate commits for each of the actions. This can be then squashed for integration

      To summarise:

      • Include the plugin in core Moodle LMS
      • Fix remaining issues in, the review report
      • Don't include the factors: SMS, Security Questions, and Login Banner
      • Move the WebAuth library to the core 3rd party libs and refactor as required.
      • Follow up tasks will be collated in the Epic MDL-78508 and done as separate tasks
      • Bring in plugin history and do things as seperate commits that are squashed before integration

       

      Attachments

        1. (1) 3-2 Passed -- (Master)MDL-78509.png
          (1) 3-2 Passed -- (Master)MDL-78509.png
          146 kB
        2. (1) 3-4 Passed -- (Master)MDL-78509.png
          (1) 3-4 Passed -- (Master)MDL-78509.png
          134 kB
        3. (2) 5 Passed -- (Master)MDL-78509.png
          (2) 5 Passed -- (Master)MDL-78509.png
          139 kB
        4. (2) 8 Passed -- (Master)MDL-78509.png
          (2) 8 Passed -- (Master)MDL-78509.png
          140 kB
        5. (3) 11 Passed -- (Master)MDL-78509.png
          (3) 11 Passed -- (Master)MDL-78509.png
          130 kB
        6. (3) 8 Passed -- (Master)MDL-78509.png
          (3) 8 Passed -- (Master)MDL-78509.png
          125 kB
        7. (4) 12 Passed -- (Master)MDL-78509.png
          (4) 12 Passed -- (Master)MDL-78509.png
          130 kB
        8. (4) 15 Passed -- (Master)MDL-78509.png
          (4) 15 Passed -- (Master)MDL-78509.png
          131 kB
        9. (4) 18 Passed -- (Master)MDL-78509.png
          (4) 18 Passed -- (Master)MDL-78509.png
          153 kB
        10. (4) 9 Passed -- (Master)MDL-78509.png
          (4) 9 Passed -- (Master)MDL-78509.png
          123 kB
        11. (5) 15 Passed -- (Master)MDL-78509.png
          (5) 15 Passed -- (Master)MDL-78509.png
          189 kB
        12. (5) 5 Passed -- (Master)MDL-78509.png
          (5) 5 Passed -- (Master)MDL-78509.png
          160 kB
        13. (5) 7 Passed -- (Master)MDL-78509.png
          (5) 7 Passed -- (Master)MDL-78509.png
          166 kB
        14. (6) 5 Passed -- (Master)MDL-78509.png
          (6) 5 Passed -- (Master)MDL-78509.png
          155 kB
        15. (7) 7 Passed -- (Master)MDL-78509.png
          (7) 7 Passed -- (Master)MDL-78509.png
          132 kB
        16. (7) 8 Passed -- (Master)MDL-78509.png
          (7) 8 Passed -- (Master)MDL-78509.png
          139 kB
        17. (I) 3.1 Passed -- (Master)MDL-78509.png
          (I) 3.1 Passed -- (Master)MDL-78509.png
          82 kB
        18. (I) 3.2 Passed -- (Master)MDL-78509.png
          (I) 3.2 Passed -- (Master)MDL-78509.png
          81 kB
        19. (I) 3.3 Passed -- (Master)MDL-78509.png
          (I) 3.3 Passed -- (Master)MDL-78509.png
          85 kB
        20. (I) 3.4 Passed -- (Master)MDL-78509.png
          (I) 3.4 Passed -- (Master)MDL-78509.png
          80 kB
        21. MDL-78509_test11.png
          MDL-78509_test11.png
          22 kB
        22. MDL-78509_test1-1.png
          MDL-78509_test1-1.png
          181 kB
        23. MDL-78509_test11-1.png
          MDL-78509_test11-1.png
          22 kB
        24. MDL-78509_test12.png
          MDL-78509_test12.png
          128 kB
        25. MDL-78509_test1-2.png
          MDL-78509_test1-2.png
          167 kB
        26. MDL-78509_test12-1.png
          MDL-78509_test12-1.png
          128 kB
        27. MDL-78509_test2-1.png
          MDL-78509_test2-1.png
          182 kB
        28. MDL-78509_test2-2.png
          MDL-78509_test2-2.png
          196 kB
        29. MDL-78509_test3-1.png
          MDL-78509_test3-1.png
          160 kB
        30. MDL-78509_test3-2.png
          MDL-78509_test3-2.png
          86 kB
        31. MDL-78509_test5-1.png
          MDL-78509_test5-1.png
          54 kB
        32. MDL-78509_test5-2.png
          MDL-78509_test5-2.png
          68 kB
        33. MDL-78509_test5-3.png
          MDL-78509_test5-3.png
          39 kB
        34. MDL-78509_test6.png
          MDL-78509_test6.png
          99 kB
        35. MDL-78509_test7-1.png
          MDL-78509_test7-1.png
          139 kB
        36. MDL-78509_test7-2.png
          MDL-78509_test7-2.png
          123 kB
        37. MDL-78509_test7-3.png
          MDL-78509_test7-3.png
          22 kB
        38. MDL-78509_test8-1.png
          MDL-78509_test8-1.png
          22 kB
        39. MDL-78509_test8-2.png
          MDL-78509_test8-2.png
          44 kB
        40. MDL-78509_test8-3.png
          MDL-78509_test8-3.png
          71 kB
        41. MDL-78509_test8-a.png
          MDL-78509_test8-a.png
          99 kB
        42. MDL-78509 - Case 10 - No other factors.png
          MDL-78509 - Case 10 - No other factors.png
          98 kB
        43. MDL-78509 - Case 11 - Trust this device.png
          MDL-78509 - Case 11 - Trust this device.png
          91 kB
        44. MDL-78509 - Case 12 - IP Range factor.png
          MDL-78509 - Case 12 - IP Range factor.png
          72 kB
        45. MDL-78509 - Case 12 - IP Range factor ok.png
          MDL-78509 - Case 12 - IP Range factor ok.png
          121 kB
        46. MDL-78509 - Case 13 - Student login MFA.png
          MDL-78509 - Case 13 - Student login MFA.png
          96 kB
        47. MDL-78509 - Case 13 - Studentno login change weight to 50 non-administrator.png
          MDL-78509 - Case 13 - Studentno login change weight to 50 non-administrator.png
          135 kB
        48. MDL-78509 - Case 14 - Policy.png
          MDL-78509 - Case 14 - Policy.png
          58 kB
        49. MDL-78509 - Case 14 - Policy MFA.png
          MDL-78509 - Case 14 - Policy MFA.png
          48 kB
        50. MDL-78509 - Case 14 - Policy MFA Email factor testing.png
          MDL-78509 - Case 14 - Policy MFA Email factor testing.png
          24 kB
        51. MDL-78509 - Case 1 - Unable to authenticate.png
          MDL-78509 - Case 1 - Unable to authenticate.png
          137 kB
        52. MDL-78509 - Case 2 - check unable to authenticate.png
          MDL-78509 - Case 2 - check unable to authenticate.png
          77 kB
        53. MDL-78509 - Case 2 - Setup.png
          MDL-78509 - Case 2 - Setup.png
          88 kB
        54. MDL-78509 - Case 3.png
          MDL-78509 - Case 3.png
          83 kB
        55. MDL-78509 - Case 4 - Email  factor verification code.png
          MDL-78509 - Case 4 - Email factor verification code.png
          61 kB
        56. MDL-78509 - Case 5 - Force factor.png
          MDL-78509 - Case 5 - Force factor.png
          42 kB
        57. MDL-78509 - Case 5 - Grace period 1 minute.png
          MDL-78509 - Case 5 - Grace period 1 minute.png
          119 kB
        58. MDL-78509 - Case 6 - Role factor.png
          MDL-78509 - Case 6 - Role factor.png
          74 kB
        59. MDL-78509 - Case 7 - TOTP factor test auth app.png
          MDL-78509 - Case 7 - TOTP factor test auth app.png
          106 kB
        60. MDL-78509 - Case 8 - Security Key.png
          MDL-78509 - Case 8 - Security Key.png
          70 kB
        61. MDL-78509 - Case 8 - Security key login.png
          MDL-78509 - Case 8 - Security key login.png
          82 kB
        62. MDL-78509 - Case 9 - Non-administrator login.png
          MDL-78509 - Case 9 - Non-administrator login.png
          158 kB
        63. MDL-78509 - Setup MFA.png
          MDL-78509 - Setup MFA.png
          27 kB
        64. MDL-78509 - Setup MFA 2.png
          MDL-78509 - Setup MFA 2.png
          119 kB
        65. MDL-78509 - Setup MFA 3.png
          MDL-78509 - Setup MFA 3.png
          7 kB

        Issue Links

          Activity

            People

              stevani.andolo@moodle.com Stevani Andolo
              matt.porritt@moodle.com Matt Porritt
              Raquel Ortega Raquel Ortega
              Huong Nguyen Huong Nguyen
              Carlos Escobedo Carlos Escobedo
              Votes:
              3 Vote for this issue
              Watchers:
              21 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 4 weeks, 3 days, 3 hours
                  4w 3d 3h

                  Clockify

                    Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.