- App setup wizard
- SAML IAM handling
- LDAP IAM handling
- Cobalt form JSON field type - Setting resource
- MFA recovery codes handling
- Forgot password handling
    - Admin password reset mechanism -> flag users as needing PW resets
    - Make this a general flow for pre-empting user logins
- Cobalt form - when multiselect make selection box taller
- Cobalt form - after action handlers
    - e.g. after insert perform action
    - e.g. after update perform action, &c.
- IAM manage user API scopes
- Eliminate LDAP group model, make LDAP server use standard auth group
- OAuth2 -> support refresh tokens
- Traps -> support session traps; convert MFA challenge to use session trap
    - Allow setting user trap from web UI
    - Don't allow external logins if trap is set