Idea ID: 2784354

Email notification when an authenticator is enrolled, modified, or deleted

Status: Under Consideration

Under Consideration

See status update history

When a user or help desk agent enrolls, modifies, or deletes a user's authenticator, there is no notification to the user of this activity. This means that users' authenticators could be changed unbeknownst to the user (for example, help desk agent changes a user's PIN or assigns their YubiKey to another account).

It would be desirable to have a configurable option where when a user or someone else changes their authenticators, an email is sent to the user. That way the user can report this activity if they get an email about authenticator management actions that they did not perform.