#275 2FA login

LDAPAccountManager · Feb 16, 2024 · 24d9a2c · 24d9a2c
1 parent 190a976
commit 24d9a2c
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/lam/HISTORY b/lam/HISTORY
@@ -5,6 +5,7 @@ March 2024 8.7
   -> Cron job to deactivate inactive accounts based on lastBind overlay data (265)
   -> Request access: support Windows groups (266)
   -> Request access: usability improvements (278, 279)
+  -> Self service: passwordless SSO login supported for Okta and OpenID
  - Fixed bugs:
   -> User self registration creates accounts only with SSHA hash (287)
 

diff --git a/lam/docs/manual-sources/chapter-selfService.xml b/lam/docs/manual-sources/chapter-selfService.xml
@@ -202,7 +202,10 @@
               server is responsible to authenticate your users. LAM will use
               the given user name + password for the LDAP login. To setup HTTP
               authentication in Apache please see this <ulink
-              url="http://httpd.apache.org/docs/2.2/howto/auth.html">link</ulink>.</entry>
+              url="http://httpd.apache.org/docs/2.2/howto/auth.html">link</ulink>.
+              If you use Okta or OpenID for 2FA then you can also select to
+              trust the 2FA provider. In this case the user does not need to
+              enter any password in LAM itself (SSO).</entry>
             </row>
 
             <row>