We have set up SSO to the Tyk Cloud dashboard successfully; however, we would like to retain two user accounts in Tyk as “break glass” accounts, as is general good practice.
As these break glass accounts are admin accounts, multi-factor auth should apply.
Hey @grayson, thanks for the suggestion, sounds useful. To refine the scope, is there anything beyond having 2FA on admin accounts that’s needed here to meet best practice? In fact, is there a guide to this that you are following with your IDP or somewhere else, that we can check requirements against more broadly?
Ideally SSO should be used on Tyk and 2FA be done via that.
For break glass accounts, physical security should be used (locked in a safe) rather than 2FA.
(We have now done the above)