GET /superAdmin/{product}/mfa – Retrieves Super Admin MFA requirement status for a specific product.


Headers:

  • Authorization: Bearer <access_token> (required)
  • Content-Type: application/json (optional)

Body:

  • None

Path Parameters:

  • product: ProductKey (required) - The product identifier (CTS, EGRANTS, etc.)

Query Parameters:

  • None

Responses:

  • 200 OK – Returns the Super Admin MFA configuration for the specified product.

Error Responses:

Status Code | Meaning               | When it Happens
400         | Bad Request           | Missing or invalid product in path
401         | Unauthorized          | Missing or invalid authentication token
500         | Internal Server Error | Unexpected error during retrieval

Error Response Body:

{
  "error": "Detailed error message here"
}

Example Request:

GET /superAdmin/CTS/mfa

Example Responses:

{
  "product": "CTS",
  "enabled": true,
  "tenantList": ["test-tenant-1", "test-tenant-2"]
}

{
  "product": "CTS",
  "enabled": false,
  "tenantList": ["test-tenant-1", "test-tenant-2"]
}

{
  "product": "EGRANTS",
  "enabled": true,
  "tenantList": []
}

Notes:

  • This endpoint is designed to be called by Auth0 post-login lambda functions
  • If no record exists for a product, it defaults to enabled: true and creates a new record
  • The tenantList contains test tenants that may bypass MFA requirements in future iterations
  • When enabled: false, the setting will automatically revert to enabled: true after 45 minutes via DynamoDB TTL
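
A caller such as the post-login function mentioned above can consume this endpoint so that every error status or malformed body results in MFA being required. This is an added example, not the project's own code: `interpretMfaResponse`, `fetchSuperAdminMfa` and `baseUrl` are hypothetical names, and the fail-closed policy is an assumption chosen to match the endpoint's own default of enabled: true.

```javascript
// Added example; function names and baseUrl are hypothetical.

// Decide whether Super Admin MFA must be enforced from one HTTP response.
// Only a well-formed 200 with enabled === false turns MFA off.
function interpretMfaResponse(product, status, bodyText) {
  const requireMfa = (reason) => ({ mfaRequired: true, reason });
  if (status !== 200) return requireMfa(`http_${status}`); // 400 / 401 / 500
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch {
    return requireMfa('invalid_json');
  }
  if (body === null || typeof body !== 'object') return requireMfa('invalid_shape');
  // A response for a different product must not relax this product's policy.
  if (body.product !== product) return requireMfa('product_mismatch');
  // Strict boolean check: "false", 0 or a missing field do not disable MFA.
  if (typeof body.enabled !== 'boolean') return requireMfa('invalid_enabled');
  if (!Array.isArray(body.tenantList)) return requireMfa('invalid_tenant_list');
  // tenantList is deliberately not consulted: the notes describe tenant
  // bypass as something for future iterations, not current behaviour.
  return { mfaRequired: body.enabled, reason: body.enabled ? 'enabled' : 'disabled' };
}

// Calls GET /superAdmin/{product}/mfa. fetchImpl is injectable for tests.
async function fetchSuperAdminMfa(baseUrl, product, accessToken, fetchImpl = fetch) {
  try {
    const url = `${baseUrl}/superAdmin/${encodeURIComponent(product)}/mfa`;
    const res = await fetchImpl(url, {
      method: 'GET',
      headers: { Authorization: `Bearer ${accessToken}` },
    });
    return interpretMfaResponse(product, res.status, await res.text());
  } catch {
    // Timeout, DNS or TLS failure: treat as "MFA required".
    return { mfaRequired: true, reason: 'network_error' };
  }
}
```
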

  • Parameters

    • event: APIGatewayProxyEvent

      The API Gateway event containing the request.

    • context: Context
    • callback: Callback<APIGatewayProxyResult>

    Returns void | Promise<APIGatewayProxyResult>

    A Promise resolving to an API Gateway-compatible response.