Trying to get an idea of how others are handling user security specifically related to locking down remote access and Multifactor Authentication combined.
Scenario 1 - Want to lock down certain users from accessing the system if they are not onsite. We can accomplish this via “Valid IP Ranges” config setting.
Scenario 2 - Want certain managers/owners to be able to access the system regardless of where they are (and using Multifactor Authentication when not onsite). Can accomplish part of this using “Skip Multifactor Authentication In These IP Ranges” config setting. However if I am using Valid IP Ranges from scenario 1 then they can’t log in from just any location.
Ideally, would like to have something at the Role or User level that blocks certain users to access the system regardless of IP address and Multifactor Authentication. OR would require some approval before providing a multifactor authentication code so we can deny access for certain users in Scenario 1? Does this already exist and we just can’t find the settings?