Changelog

Step-up authentication temporarily disabled

Release Notes

Summary

Step-up authentication is temporarily disabled for sensitive dashboard actions. Signed-in administrators can complete protected changes without an additional re-authentication prompt.

Changes

  • Step-up authentication enforcement is turned off for sensitive organization and security settings changes.
  • Actions such as role assignment, user membership changes, API key rotation, authentication settings updates, network configuration, policy changes, and related administrative operations no longer require a fresh sign-in within the prior 15-minute step-up window.
  • Session handling for dashboard sign-in was adjusted to improve session expiry consistency.

Impact

Security/audit impact: Sensitive administrative actions can be performed with only the existing dashboard session. Organizations that relied on step-up re-authentication for an extra check on high-risk changes will not receive that prompt until enforcement is restored.

Classification

Auth, Security, Admin, Tenant Workflow