Deactivate TOTP for 1 User?

  • NC asks for a TOTP authentication
  • No TOTP key nor Backup Keys available
  • Reset password with occ
  • TOTP still requested at login

How to deactivate TOTP for that user?

Anyone any idea?

Hmmm … there was a solution, but I don’t remember … perhaps using occ?

twofactorauth
twofactorauth:disable               Disable two-factor authentication for a user
twofactorauth:enable                Enable two-factor authentication for a user

$ sudo -u www-data php occ twofactorauth:disable USERNAME

Just wanted to add: in my installations (NC versions 20+) it is also required to add the provider ID; so, for example, if one wants to disable TOTP, the command would be (Ubuntu, Apache):

sudo -u www-data php occ twofactorauth:disable USERNAME totp


Realise this is an old thread, but a client of mine is currently evaluating cloud storage systems, with Seafile and Nextcloud being the two short-listed. 2FA is critical for them, so I’ve added the TOTP application and enforced it. Works fine, but the scenario covered in this post is not that uncommon: user gets a new phone, messes up restoring accounts to the TOTP app and has lost their backup codes.

In Seafile, the administrator simply turns 2FA off on their account and the next time they log on, they are forced to set it up again.

Is the only solution here via the SSH console/command line as documented above? If so, then can I strongly suggest a feature request here. 2FA is becoming almost mandatory as part of cyber insurance.


sudo -u www-data php occ twofactorauth:disable USERNAME totp

This isn’t written down pretty much anywhere else, including the Nextcloud docs and the TOTP provider GitHub. Thank you!

But enforcing TOTP based on group membership, as well as allowing no MFA based on group membership, is available out of the box. So for larger solutions, it is highly recommended to use this feature.
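
Added example (not part of any post in this thread, and not Nextcloud's own code): a small shell wrapper around the `twofactorauth:disable USERNAME totp` command given above that validates its arguments, shows the provider state before and after, and writes an audit line for the reset. The install path, the `OCC_RUN` override, the character allow-lists, the ticket field and the log tag are assumptions.

```shell
#!/bin/sh
# Added example: audited single-user 2FA provider reset via occ.
# Assumptions (not from the thread): NC_DIR, OCC_RUN, the allow-lists,
# the ticket field and the "nc-2fa-reset" log tag are placeholders.
NC_DIR="${NC_DIR:-/var/www/nextcloud}"                  # assumed install path
OCC_RUN="${OCC_RUN:-sudo -u www-data php $NC_DIR/occ}"  # override for other setups

# reset_2fa_provider USERNAME [PROVIDER_ID] [TICKET]
reset_2fa_provider() {
  local uid="$1" provider="${2:-totp}" ticket="${3:-none}"

  # Conservative allow-list (stricter than Nextcloud's own uid rules):
  # reject empty input, option-like input and shell metacharacters before
  # anything reaches a privileged command line.
  case "$uid" in
    ''|-*|*[!A-Za-z0-9._@-]*) echo "refusing uid: '$uid'" >&2; return 2 ;;
  esac
  case "$provider" in
    ''|*[!a-z0-9_]*) echo "refusing provider: '$provider'" >&2; return 2 ;;
  esac

  # twofactorauth:state is an existing occ command; its output is only
  # displayed here for the operator, not parsed.
  $OCC_RUN twofactorauth:state "$uid" || return 1

  # The command from the thread, with the provider ID (needed on NC 20+).
  $OCC_RUN twofactorauth:disable "$uid" "$provider" || return 1

  # Show the state again so the operator can confirm the provider is off.
  $OCC_RUN twofactorauth:state "$uid"

  # Audit trail: who reset which factor, for whom, under which request.
  logger -t nc-2fa-reset \
    "uid=$uid provider=$provider ticket=$ticket by=${SUDO_USER:-${USER:-unknown}}" \
    2>/dev/null || true
}

# Usage (constructed values): reset_2fa_provider alice totp HELPDESK-0000
```
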