Discussion : Creating new account by admin (or within System)
This discussion is regarding whether an account can be created by admin or one register within the system.
Before enforcing 2FA, creating a new account by an admin was possible.
But after enforcing 2FA on Registration part, user doesn't get registered until he set up 2FA.
So if, admin set up an account
- without 2FA: He will have to send credentials and then asked the user to set up 2FA. (Most probably Email, Security Issue)
- with 2FA: Then admin is going to have 2FA credentials of that account. (another concern for the user)
- The previous DB contains created_by in Users Table.
- We don't have Forgot 2FA ? till now. (will be an upcoming feature)