How to tie a mandatory OTP to group membership?

Imagine we have 2 groups:

  • standardUsers
  • authorizationUsers

standardUsers members only have an ID and a password as credentials, but authorizationUsers members do have 2FA when they self-create their account or their account is created.

Of course, since the members of the authorizationUsers group are only a few, we could plan a manual creation, but I ask this question in the context of a delegation (of authorizationUsers members).

Thank you,


I’m replying to myself :)
I think I found what I was looking for thanks to Thomas Darimont.

It’s not exactly what I was seeking but it’s not very far.
This extension allows modifying the way a client is reached by introducing group membership into the workflow (Browser, for example).
That could do the trick for me if there were 2 different clients, but that’s not the case: it’s the same client with different pages (for example, a WordPress site and access to /wp-admin).
In my use case, group membership is NOT a trigger to go further in the workflow; it’s a matter of enabling another means of authentication.