[OPENAM-11240] "Skip This Step" button on the ForgeRock Authenticator (OATH) screen is missing (HOTP) Created: 05/Jun/17 Updated: 23/Aug/19 Resolved: 03/Jul/18
|Fix Version/s:||13.5.3, 14.1.2, 184.108.40.206, 6.5.0, 6.0.1, 5.5.2|
|Reporter:||John Noble||Assignee:||Lawrence Yarham|
|Attachments:||after register the device.png authn-mfa-otp-entry.png no Skip This Step button.png|
|Sprint:||AM Sustaining Sprint 44, AM Sustaining Sprint 45, AM Sustaining Sprint 46, AM Sustaining Sprint 47, AM Sustaining Sprint 48, AM Sustaining Sprint 49, AM Sustaining Sprint 50, AM Sustaining Sprint 51, AM Sustaining Sprint 52|
Disabling Mandatory Two Factor Authentication does not present the button to "skip this step" as shown in the documentation (see attached screenshot) when users are prompted to authenticate using HOTP.
Steps to reproduce:
User can choose to skip OATH authentication.
No option to skip is presented.
Note: The option to skip is presented when registering a device and for TOTP. Opted out users skip the module entirely as expected.
|Comment by Yaodong Hu [X] (Inactive) [ 15/Oct/17 ]|
Trying to duplicate the case.
Part 1: the user skips this step without registering the device.
Part 2: the user registers a device and successfully uses an HOTP code to log in.
So just to confirm: the bug is about the last step, where the user should be given another chance to "Skip this step" as Two Factor Authentication Mandatory is not enabled?
|Comment by John Noble [ 24/Oct/17 ]|
Yaodong Hu [X] Yes, the bug is specific to the last step you mentioned. The documentation specifies the user should be given the opportunity to "Skip this step":
I guess this makes sense in a conditional auth chain, where the user can "skip" OTP and use another method to authenticate.
|Comment by Jonathan Thomas [ 20/Jun/18 ]|
|Comment by Lawrence Yarham [ 27/Jun/18 ]|
Note that once a user has chosen to skip OTP (either at first time instead of registering the device, or on any subsequent authentication), the OTP is then skipped on all subsequent authentications for that user.
To re-enable OTP, log in as the user, then select Dashboard, then under Authentication Devices, in the menu on the top right of the section, choose Settings. This contains an option (slider switch) to re-enable 2-step Authentication. Once enabled, this then prompts to register the device on the next login and then once completed, OTP applies again for all subsequent authentications.