This is great, thanks for the reply!
While I haven’t ever had to personally use our REST API to manage a large set of users in an organization, I can imagine that there are good use cases for both of the things we’re looking at - filtering, as well as digging into a single user.
From my perspective, I think the place to start on the GraphQL API would be to add a filtering method to allow you to perform a pass over everyone - this would prevent you from having to loop through every user in the organization to check for who’s got 2FA on.
Once we’ve done that, I could see us adding the information into a special
UserEdge for the Organization -> Member connection - this would allow us to leverage GraphQL to put this information at the edge for a good way to represent this.
I’m going to open an internal issue for all of this, and we’ll update this thread if anything changes! Thanks again for the request, and for talking it through with me!