I have an external user (with Viewer Uploader permission) that says that she is able to log in using a favorites link and never is prompted for 2FA. She was invited to our space in Oct '21 so she had an established account prior to our enforcement of 2FA.
We made the settings below in our admin console in Nov '21:
Enabled for all external collaborators and the configuration tab has
Text message (SMS) or Authenticator app (TOTP)
Enable for all external collaborators
I've run a report to verify that we have no shared links with edit permissions.
How is she able to bypass the 2FA requirement?
Please sign in to leave a comment.