Force 2FA for all users from the Administration panel

remkolodder · February 21, 2018, 8:10am

Dear community,

My client is looking for an option to force 2FA for all registered users. This is currently not possible via the Administration panel. We would like to know what it would take in terms of days and money to get this as an implementation within Nextcloud. We (And perhaps others) might(!) be able to fund such work from the company or own pockets. There is some request for this on github as we have seen.

The idea is that the “Administrator” can setup the 2FA for a user, that the user can login with valid credentials and get the QR code presented, which they need to add and acknowledge. They should be logged out at that stage and re-login with credentials/tokencode. They (users) should not have the option to disable this 2FA.

Thanks in advance,
Remko

Edit: explain the general idea that I have about this.

tflidd · February 23, 2018, 9:56pm

There was already some discussion in the past:

@ChristophWurst can perhaps give a brief estimation how long an implementation would take.

On existing github issues, you can put money on them via bountysource, that’s good for smaller issues.

For larger business users, an official enterprise subscription can help to push certain features in the development process.

remkolodder · February 24, 2018, 8:16am

Hi!

Thanks for your information… I noticed the github issues (I mentioned them) and I also saw that there was no real discussion on what it would cost to implement this. My client is/was willing to consider donating for this specific feature (Although I might have found a workaround with SAML). The subscription is not something my client is willing to pursue at this moment (and having a subscription does not guarantee that it will be implemented, just considered, which is my interpretation of the contact I had with sales).

Cheerio
Remko