Discussion : Creating new account by admin (or within System)
Topic
This discussion is regarding whether an account can be created by admin or one register within the system.
Before enforcing 2FA, creating a new account by an admin was possible.
But after enforcing 2FA on Registration part, user doesn't get registered until he set up 2FA.
So if, admin set up an account
- without 2FA: He will have to send credentials and then asked the user to set up 2FA. (Most probably Email, Security Issue)
- with 2FA: Then admin is going to have 2FA credentials of that account. (another concern for the user)
Note:
- The previous DB contains created_by in Users Table.
- We don't have Forgot 2FA ? till now. (will be an upcoming feature)