I just installed 10.0RC1 of nextcloud and I am happy so far but cannot find any way to enable 2fa. Where can I find the setting to do so? Are there any prerequisites I need to install before the menu point shows up? Thanks!
Thanks, didnât see this is needed âŚ
Installed the first one but getting errors:
include_once(): Failed opening â/var/www/owncloud/apps/twofactor_totp/appinfo/âŚ/vendor/autoload.phpâ for inclusion (include_path=â/var/www/owncloud/3rdparty/pear/console_getopt:/var/www/owncloud/3rdparty/pear/pear_exception:/var/www/owncloud/3rdparty/pear/pear-core-minimal/src:/var/www/owncloud/3rdparty/pear/archive_tar:/var/www/owncloud/3rdparty/phpseclib/phpseclib/phpseclib:/var/www/owncloud/lib/private:/var/www/owncloud/config:/var/www/owncloud/3rdparty:/var/www/owncloud/apps:.:/usr/share/php:/var/www/owncloudâ) at /var/www/owncloud/apps/twofactor_totp/appinfo/app.php#24
Should I open an issue?
Ah, OK, thanks âŚ
(or run make
inside the git repo)
@nickvergessen Is there a 2FA FAQ page or something that outlines the options? I was confused at first in thinking that I needed a separate server using the PrivacyIDEA 2FA solution. I would be happy to write it but canât trace a branch in github, online or elsewhere. PrivacyIDEA seems quite robust and professional but for smaller teams I was hoping for a more simple app solution. @doits, can you please comment on your experience with the app?
Thanks nextclouders for all that you do.
best regards,
Hi. Iâm trying to enable 2FA but I must be missing something. Iâve upgraded to 10.0RC1 and I added the twofactor_totp app - how do I enable it or configure it. It doesnât show up in any of the admin or other menus. OTOH I donât get any errors in my nextcloud log either.
Where do I look next?
Cheers
I simply unpacked the realesed version from https://github.com/ChristophWurst/twofactor_totp/releases into my apps/
directory of nextcloud.
After enabling the app Two Factor TOTP Provider
I can go to my personal settings and have an entry at the bottom of that page to enable TOTP. It showed a QR code which I canned in my OTP-program and now it generates the codes.
On login it asks me to authenticate with a second step. There I can select the TOTP-App and enter my one time codes. Suggestion: If there is only one second step app, there is no need for that page in between to select it (since I have no choice anyway). This would make the experience more seamless if only one second step authentication app is enabled.
My app passwords still do work, so this is fine.
That was it for me to make it work.
Thanks itâs working now. I removed it and re-installed it. Then it appeared on the app page and I was able to enable it.
Any idea how i can reset the 2fa for one user only (e.g. lost of smartphone).
I think there are console commands for this.
Yes. There are console commands:
$ php occ twofactor:disable admin
2FA disabled for user admin
$ php occ twofactor:enable admin
2FA enabled for user admin
Addition:
Nextclouds 2FA is currently not documented very well ⌠But youâll find a lot of interesting information and guides about this feature on the developers (@ChristophWurst) blog:
It would be nice to have this integrated in NCâs user management.
Something is missing in the âdocumentationâ : How can a user receive his TOTP secret again e.g. for adding an additional device.
Disabling and enabling TOTP in the userâs preferences will create a new TOTP secret.
TOTP 2FA is a separate community app, therefore itâs not documented in the Nextcloud documentation. However, feel free to contact me in https://github.com/ChristophWurst/twofactor_totp if youâd like to document the app. Weâll find a solution for it
Well, the authentication framework that the 2FA app uses is part of Next/Owncloud, so at least that part should be documented in the generic documentation. Like how after enabling an authentication app (be it 2FA or any other) the APIs (which ones?) can only be accessed with app passwords, whereas the webinterface can only be accessed using the mechamism implemented by the authentication app (2FA). And how password resets are handled in this context. And any other relevant generic behaviour.
Then the community app can document anything specific to that app. For 2FA it should probably tell a bit more about what happens to existing users when the admin enables the app.