Problem statement
What is the difference between the multifactor_last_modified field and other fields, such as created_at, in the MFA enrollments section of a user profile JSON? When is a user's multifactor_last_modified field updated?
```json
{
  "multifactor_last_modified": "2022-10-28T18:03:00.808Z",
  "app_metadata": {
    "authorization": {
      "groups": [],
      "roles": [],
      "permissions": []
    }
  },
  "last_ip": "170.51.110.49",
  "last_login": "2022-10-28T18:02:09.802Z",
  "logins_count": 11,
  "blocked_for": [],
  "guardian_authenticators": [
    {
      "id": "sms|dev_XXXX",
      "type": "sms",
      "confirmed": true,
      "name": "XXXXXXXXXXXXX",
      "created_at": "2022-10-28T18:02:37.000Z",
      "last_auth_at": "2022-10-28T18:03:00.000Z"
    }
  ]
}
```
Symptoms
- The multifactor_last_modified field and an enrollment's created_at field can show different timestamps for the same user.
- A user may have an enrollment with a created_at on a specific date while the multifactor_last_modified field for that user contains a date that is far older, which causes confusion.
Steps to reproduce
- Create an MFA enrollment for a user
- Create another enrollment
- The multifactor_last_modified field will refer to the last enrollment in this case
- Remove an enrollment or reset MFA, and the multifactor_last_modified field will refer to the last update to the MFA settings.
Solution
The multifactor_last_modified field will show the last time there was a change related to the MFA settings for a user (create/delete enrollments or even reset MFA). The created_at field is the date an enrollment request started.
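When reviewing an account's MFA history, the two fields can be compared to see whether the latest MFA change is explained by an enrollment that is still on the profile. The following is an added example, not code from the original article or from Auth0; the function names, the returned labels and the 5-minute tolerance are assumptions of the example.

```python
from datetime import datetime, timedelta

# Constructed sample: only the fields this check reads, values copied from the excerpt above.
SAMPLE_PROFILE = {
    "multifactor_last_modified": "2022-10-28T18:03:00.808Z",
    "guardian_authenticators": [
        {"id": "sms|dev_XXXX", "type": "sms", "confirmed": True,
         "created_at": "2022-10-28T18:02:37.000Z"},
    ],
}

def parse_ts(value):
    """Parse an ISO 8601 timestamp with a trailing 'Z' into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def classify_mfa_change(profile, tolerance=timedelta(minutes=5)):
    """Relate multifactor_last_modified to the enrollments still on the profile.

    The returned labels and the tolerance are assumptions of this example.
    """
    raw = profile.get("multifactor_last_modified")
    if not raw:
        return "no-mfa-change-recorded"
    modified = parse_ts(raw)
    enrollments = profile.get("guardian_authenticators") or []
    if not enrollments:
        # Field is set but nothing is enrolled: the last change was a delete or reset.
        return "changed-no-enrollments-left"
    newest = max(parse_ts(e["created_at"]) for e in enrollments)
    if abs(modified - newest) <= tolerance:
        # created_at marks the start of enrollment, so a short gap is expected.
        return "matches-newest-enrollment"
    if modified > newest:
        # MFA settings changed after the newest remaining enrollment was created,
        # for example because another enrollment was removed.
        return "changed-after-newest-enrollment"
    return "older-than-newest-enrollment"

if __name__ == "__main__":
    print(classify_mfa_change(SAMPLE_PROFILE))
```
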