Robert Olejnik
Robert Olejnik
@Vaarlion could you change your core log level to debug (DEFGUARD_LOG_LEVEL=debug for example in docker env) and do the registration of the key again and paste the logs? Thank you!
@Vaarlion does the domain actually exist and is Defguard reachable under this domain? (Meaning you actually enter in the browser: defguard-exp.domain.com)? If you are registering a key and the domain...
The domain must be set in: DEFGUARD_URL and DEFGUARD_WEBAUTHN_RP_ID
@Vaarlion ok thank you for your help an logs. we're going to take this to our ,workshop' and straighten this out! Have a good day!
@Vaarlion closing - please test latest 1.3 alphas - if the bug still persists, please specify logs, YK version and operating system version.
@maxime-morel i do not understand this use-case. If you are using external SSO why don't you use external MFA? You would like to have external SSO for login / enrollment...
@maxime-morel ok got it. So maybe a better approach would be to introduce not MFA configuration for External SSO, but to have a feature that would enable to have mixed...
@freedbygrace since defguard doesn't know anything about your private LAN/corporate network (what are internal classes, gateways etc) how would you propose to accomplish this feature?
Hi @maxime-morel, this is not a bug but our intentional implementation. All current customers when enabling directory sync expect it to behave like this. Sine external SSO is the main...
@maxime-morel I would extend the Solution 1 and add a Setting: _**Ignore users enrolled via Defguard internal SSO when Directory Synchronization is enabled**_ - this way you can choose to...