Skip to content

[v17] Enforce device trust check post-MFA and log as AppSessionStart#63260

Merged
21KennethTran merged 1 commit intobranch/v17from
kennethtran/v17-devicetrust
Jan 30, 2026
Merged

[v17] Enforce device trust check post-MFA and log as AppSessionStart#63260
21KennethTran merged 1 commit intobranch/v17from
kennethtran/v17-devicetrust

Conversation

@21KennethTran
Copy link
Contributor

@21KennethTran 21KennethTran commented Jan 28, 2026

Rejects app session requests for untrusted devices after MFA and generates an AppSessionStart failure event in audit logs.

Backports #62019

changelog: Ensure application session rejections for untrusted devices are consistently audited as AppSessionStart failures after MFA

@21KennethTran 21KennethTran changed the title Created check for device trust after MFA before creating web session … [v17] Enforce device trust check post-MFA and log as AppSessionStart Jan 29, 2026
@21KennethTran 21KennethTran force-pushed the kennethtran/v17-devicetrust branch from c1fb109 to c62a182 Compare January 30, 2026 16:34
@21KennethTran 21KennethTran marked this pull request as ready for review January 30, 2026 18:02
@github-actions github-actions bot added audit-log Issues related to Teleports Audit Log backport size/md ui labels Jan 30, 2026
codingllama
codingllama approved these changes Jan 30, 2026
View reviewed changes
Copy link
Contributor

@codingllama codingllama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Friendly reminder to manually test before landing PRs on active release branches.

@21KennethTran 21KennethTran added this pull request to the merge queue Jan 30, 2026
Merged via the queue into branch/v17 with commit 64e28c6 Jan 30, 2026
45 checks passed
@21KennethTran 21KennethTran deleted the kennethtran/v17-devicetrust branch January 30, 2026 21:21
@aadc-dev aadc-dev mentioned this pull request Feb 2, 2026
Merged
21KennethTran added a commit that referenced this pull request Feb 5, 2026
@21KennethTran
Revert "Created check for device trust after MFA before creating web …
df7c92d 
…session (#62019) (#63260)"

This reverts commit 64e28c6.
@21KennethTran 21KennethTran mentioned this pull request Feb 5, 2026
Merged
21KennethTran added a commit that referenced this pull request Feb 6, 2026
@21KennethTran
Revert "Created check for device trust after MFA before creating web …
295e024 
…session (#62019) (#63260)"

This reverts commit 64e28c6.
21KennethTran added a commit that referenced this pull request Feb 6, 2026
@21KennethTran
Revert "Created check for device trust after MFA before creating web …
7a42529 
…session (#62019) (#63260)"

This reverts commit 64e28c6.
21KennethTran added a commit that referenced this pull request Feb 6, 2026
@21KennethTran
Revert "Created check for device trust after MFA before creating web …
9d68b5f 
…session (#62019) (#63260)"

This reverts commit 64e28c6.
github-merge-queue bot pushed a commit that referenced this pull request Feb 6, 2026
@21KennethTran
Revert "Created check for device trust after MFA before creating web …
e79ece7 
…session (#62019) (#63260)" (#63528)

This reverts commit 64e28c6.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tigrato tigrato tigrato approved these changes

@codingllama codingllama codingllama approved these changes

Assignees

No one assigned

Labels

audit-log Issues related to Teleports Audit Log backport size/md ui

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@21KennethTran @tigrato @codingllama

Comments