fix(iam): members migration MTA-6076 #5072
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ldecarvalho-doc
added
type: new content
RoRoJ
approved these changes
Jun 5, 2025
bene2k1
approved these changes
Jun 5, 2025
crlptl
reviewed
Jun 5, 2025
crlptl
reviewed
Jun 5, 2025
crlptl
reviewed
Jun 5, 2025
crlptl
reviewed
Jun 5, 2025
| | Login | Guests logged into their own accounts and could access all Organizations they were a part of via the console. | Currently, Members must log into each of their Organizations separately to access them. If they log into an Organization, then want to access a different one using the same email, they must log out of the former first. | | ||
| | Enforcement of MFA | It was not possible to enforce MFA if a Guest in your Organization had not enabled MFA in their account. Organization admins could send reminder emails, but had to wait for the Guest to enable MFA, or remove them from the Organization to complete the enforce process. | When MFA is enforced in the Organization, Members have a [grace period](iam/concepts/#grace-period) to enable MFA in their accounts. This period is set by the Organization admins and starts as soon as a new Member is added. If they fail to enable MFA within this period, their accounts are locked. | | ||
| | Password renewal | Guests were not required to renew their passwords to stay in an Organization. | As a security measure, Organization admins can require Members to renew their passwords within a grace period. If a password was attributed to Members upon their creation, they must renew this password after their first login. | | ||
| | User management | Guest accounts and personal Organizations could not be managed by anyone other than them. Their permissions on Organizations they were invited to are the prerogative of Organization admins. | Member accounts are an 100% manageable resource - they can be created, updated, locked and deleted by Organization admins. | |
There was a problem hiding this comment.
More especially, email address, member name, and passwords can be edited by an IAM admin and MFA can be deactivated by an IAM admin
Co-authored-by: Rowena Jones <[email protected]>
Co-authored-by: Nathanael Demacon <[email protected]>
ldecarvalho-doc
force-pushed
the
MTA-6076
branch
from
d420f8f to
4f7f2af
Compare
bene2k1
approved these changes
Jun 19, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.