I am starting an integration using the Web SDK for a web application. The login flow fits perfectly well with the example provided in the Duo Web SDK documentation, and we plan to implement it as described.
However, our application includes a feature we call "administrative actions." These are sensitive operations (e.g., modifying user permissions) that occur post-login and require two-factor authentication (2FA) verification before execution.
- Is the Web SDK the appropriate solution to handle these "administrative actions" flows, or would you recommend using a different approach? (How do you recommend implementing this flow while keeping the user on the page where the "administrative action" is performed?)
- Does the Web SDK have any limitations or constraints for handling multiple 2FA requests?
- Would implementing post-login 2FA for these flows with the Web SDK require any specific configuration changes or additional considerations beyond the default setup?
- If we decide to add mobile support for login, can the Web SDK be used as well? What about administrative actions?