Enforcing Two Factor not giving new users opportunity to login

Hi There,
I have a new installation of Nextcloud v20.0.5 and have set up SSO for our users.
We naturally have MFA set up on our accounts.
But we will need to create accounts that only exist in Nextcloud, and so I would like to enable two factor for these accounts.

But, when I enforce Two Factor, it stops all users without two factor configured from logging in.

Which means any new user account I create will never be able to log in.
They just get this message:
Two-factor authentication is enforced but has not been configured on your account. Contact your admin for assistance.

So how can a newly created user ever log in to configure their two factor?

I’m hoping I am missing something.

Hope you can help.
Thanks,
Tim


I just stumbled over the same issue.
It also affects existing users that have not set up 2FA earlier.

Either you generate backup codes for the user via SSH (see other threads), or use the app “Two-Factor Admin Support”:
Go to Administration → Security and scroll down to "Two-Factor Admin".
Here, you can generate a one-time code for the user.

If the user tries to log in after that, he/she is asked for the code.
Insist that the user sets up 2FA in his/her settings now. Otherwise, you get a call again very soon :wink:

And yes, I also think Nextcloud should make this more user-friendly:
If 2FA is enforced for a user, the server should try email, notification, … depending on which apps are enabled and which information is known about the user.
And it should also at least notify the user to set up 2FA if it is enforced!
