Post-X-Society/Post-Tyranny-Tech-Infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Post-Tyranny-Tech-Infrastru.../ansible/roles/authentik/tasks
History
Pieter 2d94df6a8a feat: Add automated 2FA/MFA enforcement for Authentik 
Implements automatic configuration of 2FA enforcement via Authentik API:

**Features:**
- Forces users to configure TOTP authenticator on first login
- Supports multiple 2FA methods: TOTP, WebAuthn, Static backup codes
- Idempotent: detects existing configuration and skips update
- Fully automated via Ansible deployment

**Implementation:**
- New task file: ansible/roles/authentik/tasks/mfa.yml
- Updates default-authentication-mfa-validation stage via API
- Sets not_configured_action to "configure"
- Links default-authenticator-totp-setup as configuration stage

**Configuration:**
```yaml
not_configured_action: configure
device_classes: [totp, webauthn, static]
configuration_stages: [default-authenticator-totp-setup]
```

**Testing:**
 Deployed to dev server successfully
 MFA enforcement verified via API
 Status: "Already configured" (idempotent check works)

Users will now be required to set up 2FA on their next login.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-14 16:11:08 +01:00
..
bootstrap.yml fix: Remove blocking HTTPS check from Authentik bootstrap 2026-01-12 07:07:55 +01:00
docker.yml feat: Complete Authentik SSO integration with automated OIDC setup 2026-01-08 16:56:19 +01:00
email.yml feat: Add complete email configuration automation 2026-01-13 10:39:26 +01:00
flows.yml feat: Implement Authentik flow configuration via blueprints 2026-01-14 14:15:58 +01:00
main.yml feat: Add automated 2FA/MFA enforcement for Authentik 2026-01-14 16:11:08 +01:00
mfa.yml feat: Add automated 2FA/MFA enforcement for Authentik 2026-01-14 16:11:08 +01:00
providers.yml feat: Complete Authentik SSO integration with automated OIDC setup 2026-01-08 16:56:19 +01:00