|
|
|
|
|
|
by the_mitsuhiko
422 days ago
|
|
|
If you enforce an organization to have a 2FA sign-in then yes, it's enforced that the session was created with a second factor. In Sentry's case you also need to go through SSO once every 24 hours. There is no way for you to get a valid session token without going through that which can be used to create a signed merge commit. |
|
|