is there a way to not use 2FA from local network or specified IP addresses?
I like to just use normal login from e.g. local lan (or specified external IP addresses), but will have 2FA enabled from outside from all other places.
I’m using nc 20.0.5
I think it’s not possible. I know especially when you setup new system and login multiple times, using different users, for testing and so on… 2FA might be annoying but this usuallynot the case for daily operations… In general 2FA is not as disturbing as it seems to - once you whitelist your NC domain and your browser keeps the session cookie you remain logged in for ages… and if you get new device it’s not hard to follow 2FA login once (per app) - and I bet you appreciate this extra security layer as well…
I found manually entering the TOTP code every time I wanted to login kind of annoying. Then at some point I ordered two YubiKeys and set up U2F. Now entering the second factor is just one button press on the YubyKey. Of course this has the disadvantage that if you don’t have your YubiKey with you, then you can’t log in. But since I mainly need Nextcloud as a backend for the Android app and for syncing my calendar when I’m on the road, that’s not really an issue. And if you always have the second YubiKey on your keychain, it’s a non-issue anyways.
Yes, I think having an option to not force 2FA from specific IPs or local network work be awesome. Currently O365 has this option under their conditional access rules. I don’t see a reason to enforce 2fa under your local network. Since users are on a secure network no need to force 2fa but if they login outside of the network then enforce it