- Type: Suggestion
- Resolution: Unresolved
- Component/s: Identity Internal - SAML, Login - Atlassian account
A security feature we should offer customers is the ability to enforce re-authentication on sensitive actions. Ideally this would be embedded in product features such as Admin Key, SAML changes in Access, etc.
Context on re-auth:
> Reauthenticate For Important Actions
> Authentication isn’t only important when logging in. We can also use it to provide additional protection when users perform sensitive actions such as changing their password or transferring money. This can help limit the exposure in the event a user’s account is compromised. For example, some online merchants require you to re-enter details from your credit card when making a purchase to a newly-added shipping address. It is also helpful to require users to re-enter their passwords when updating their personal information.
From https://martinfowler.com/articles/web-security-basics.html
or see: https://opsec.readthedocs.io/en/latest/user/re-authentication-on-sensitive-actions.html
Relevant conversation from Admin Key:
https://hello.atlassian.net/wiki/spaces/CMC/pages/376812061/Admin+Key+Security+Architectural+Review?focusedCommentId=376523468#comment-376523468
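As an added illustration (not Atlassian's code and not taken from the linked articles), a minimal Python gate for the pattern described above: each sensitive action carries a maximum allowed age for the session's last authentication, and the check fails closed on a missing or implausible timestamp so the caller can redirect to a re-auth challenge. The action names and time limits are constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Hypothetical policy (constructed for this example): how recently the
# user must have authenticated before each sensitive action is allowed.
REAUTH_MAX_AGE = {
    "change_password": timedelta(minutes=5),
    "update_saml_config": timedelta(minutes=5),
    "admin_key_enter": timedelta(minutes=10),
}

@dataclass
class Session:
    user_id: str
    # When the user last proved possession of a credential (password, MFA
    # or IdP assertion); None if the session never recorded it.
    last_authenticated_at: Optional[datetime]

@dataclass
class Decision:
    allowed: bool
    reason: str

def check_sensitive_action(session: Session, action: str,
                           now: Optional[datetime] = None) -> Decision:
    """Allow the action only if the session's last authentication is fresh
    enough; otherwise the caller redirects the user to a re-auth challenge."""
    now = now or datetime.now(timezone.utc)
    max_age = REAUTH_MAX_AGE.get(action)
    if max_age is None:
        return Decision(True, "action not classified as sensitive")
    last = session.last_authenticated_at
    if last is None or last.tzinfo is None:
        # Fail closed: no timestamp, or a naive one we cannot compare safely.
        return Decision(False, "no usable authentication timestamp")
    age = now - last
    if age < timedelta(0):
        # A future timestamp means tampering or clock skew; fail closed.
        return Decision(False, "authentication timestamp is in the future")
    if age > max_age:
        return Decision(False, f"last auth {age} ago exceeds {max_age}")
    return Decision(True, "recent authentication")

def record_reauth(session: Session, now: Optional[datetime] = None) -> Session:
    """Call after the user passes the re-authentication challenge."""
    session.last_authenticated_at = now or datetime.now(timezone.utc)
    return session
```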