What is the name of the domain?
atomlearning.com
What is the issue you’re encountering
We’ve just experienced a ridiculous broken path in the CF dash when inviting users to a company account which requires 2FA. If the user chooses Google SSO, it is impossible for them to configure 2FA as it requires you to enter a password (which of course you don’t have because you’ve signed in using SSO). What’s even more absurd is then the email address is completely unable to undo signing in with SSO or set a password. They are then just stuck.
What steps have you taken to resolve the issue?
This is essentially the same problem mentioned here: SSO trap - need to allow users to create a password after sign up via SSO (although the poster there is being much more polite - it’s not just feedback, it’s a fundamentally broken feature).
We are not a small customer of CF (we have a Business subscription and we use several other services extensively). I don’t understand how SSO was added without considering this basic flow.
We had to set up an entirely new alias just to add someone to the team.
Is there some magic path that we’re unaware of to get around this? Or was SSO just added as a feature without any consideration to existing user paths?
What are the steps to reproduce the issue?
- Have a company account with 2FA required
- Invite someone to the account
- They choose to SSO with Google
- They are then asked to set up 2FA, but in order to do so they have to enter their password. Which they don’t have.
- Enter perpetual state of broken account because they can’t change their email address without entering a password; use a + alias because that’s not allowed either; or delete their account because it then blocks the email from being used again.