To further strengthen the controls Cloudsmith offers organizations around user access, we've improved how we enforce 2-Factor Authentication (2FA) and SAML/SSO.
Previously, both were only enforced when a user logged into the application and was not required to access the Cloudsmith API or for interactions in the same session beyond login.
The following changes are designed to improve the limitations above:
If you log in and your repositories have "disappeared," likely, you don't have 2FA/SAML setup in an organization that requires them. You can enable 2FA (see the supporting docs) within your user account or use the SAML login for your organization to get access back.
If you're an owner of an organization that enforces 2FA/SAML, you'll now find a more significant restriction on enforcement of 2FA and SAML, so it is possible that if you didn't have these enabled before, you'd need to do so now to re-access the org.
If you haven't yet adopted our new Service Accounts for automation, you may have standard user "bot" accounts that interact with the Cloudsmith platform programmatically.
If the organization has 2FA enforced, those "bot" users will need to have 2FA set up. Alternatively, we recommend migrating these "bot" users to Service accounts, which are more suited for the purpose!
Absolutely! If you need any help or want clarity on any of the above, please contact us anytime.