From b4e5ac97969dd426cd3475d66d32d4e14732abf3 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Wed, 14 Jun 2023 16:11:50 -0400
Subject: [PATCH] Add note to advise against changing settings

---
 salt/kratos/soc_kratos.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/salt/kratos/soc_kratos.yaml b/salt/kratos/soc_kratos.yaml
index 19487abf8..b580e9611 100644
--- a/salt/kratos/soc_kratos.yaml
+++ b/salt/kratos/soc_kratos.yaml
@@ -30,7 +30,7 @@ kratos:
               helpLink: kratos.html
         totp:
           enabled: 
-            description: Set to True to enable Time-based One-Time Password (TOTP) multi-factor authentication (MFA). Enable to ensure proper security protections remain in place.
+            description: Set to True to enable Time-based One-Time Password (TOTP) multi-factor authentication (MFA). Enable to ensure proper security protections remain in place. Be aware that disabling this setting, after users have already setup TOTP, may prevent users from logging in.
             global: True
             helpLink: kratos.html
           config:
@@ -41,12 +41,12 @@ kratos:
               helpLink: kratos.html
         webauthn:
           enabled:
-            description: Set to True to enable Security Keys (WebAuthn / PassKeys) for passwordless or multi-factor authentication (MFA) logins. Security Keys are a Public-Key Infrastructure (PKI) based authentication method, typically involving biometric hardware devices, such as laptop fingerprint scanners and USB hardware keys.
+            description: Set to True to enable Security Keys (WebAuthn / PassKeys) for passwordless or multi-factor authentication (MFA) logins. Security Keys are a Public-Key Infrastructure (PKI) based authentication method, typically involving biometric hardware devices, such as laptop fingerprint scanners and USB hardware keys. Be aware that disabling this setting, after users have already setup their accounts with Security Keys, may prevent users from logging in.
             global: True
             helpLink: kratos.html
           config:
             passwordless: 
-              description: Set to True to utilize Security Keys (WebAuthn / PassKeys) for passwordless logins. Set to false to utilize Security Keys as a multi-factor authentication (MFA) method supplementing password logins.
+              description: Set to True to utilize Security Keys (WebAuthn / PassKeys) for passwordless logins. Set to false to utilize Security Keys as a multi-factor authentication (MFA) method supplementing password logins. Be aware that changing this value, after users have already setup their accounts with the previous value, may prevent users from logging in.
               global: True
               helpLink: kratos.html
             rp: