The Mozilla IAM team is implementing changes that will allow relying parties to decide when login methods which are less safe (such as login without 2FA) can be used to login.
On relying parties which only had the LDAP login method enabled, only LDAP accounts (staff and community accounts with LDAP) were allowed to login. With the change, we need to properly enforce that access control by adding an access control group.
We have added this group, which only allow Mozilla paid Staff (
hris_is_staff) from Mozilla Corporation and Mozilla Foundation to login to these relying parties.
Note that you can always request changes in the future at: https://mozilla.service-now.com/sp?id=sc_cat_item&sys_id=1e9746c20f76aa0087591d2be1050ecb