AWS IAM, which is kind of the gold standard in configurable XaaS authentication roles (although maybe a bit overly complex).
I'm looking to emulate them on this (i.e. shamelessly copy) whenever I have an auth system for a similarly complex multi-user system to spec or implement.
I also think there are other forms of 2FA besides TOTP/HOTP which are worth adding, and the general Amazon strategy of "multiple levels of logged in state per user" for various actions on their retail shopping site has much broader applicability too.
In general I think Amazon has done an exceptional job here across multiple products.