Hi, I have a rather simple question. I just set up nextcloud using docker - not the AIO image but the cool one. I noticed that I have the option to enforce 2FA for all users. But before doing that, I wanted to enable 2FA for my account just to be sure. But it seems that there is no option for that. I apparently have to get an app for that.
So my questions:
Since it seems there are multiple, what is the best one?
Why does this toggle exist when there is no option to set up 2FA?
Yeah Your are right, Nextcloud requires a 2FA app like " Two Factor TOTP provider" to enable 2FA. Once Installed, users can links app like Google Authenticator. The toggle exists for global enforcements but works only after a 2FA method is installed and configured per user.
First the best way is to use a test user and not your admin user. Add the test user to a test group e.g. test. Under Administration → Security (url index.php/settings/admin/security) you can set 2FA only to the test group e.g. test.
So it seems there is an app called twofactor_totp (I am going by the occ friendly names). That app got installed, but not activated during setup. I activated it and it seems to work but it is still curious to me that this global toggle can exist if there is no 2FA option
Small addendum. To be on the safe side, I tried it again on my test system (freshly installed with Nextcloud 31.0.5).
Admin is admin
Test user is test
Test user test in group test admin must activate default pre-installed app Tow-Factor TOTP Provider or Two-Factor Authentication via Nextcloud notifications admin does not yet enforce TOTP / 2FA for group test
User test logs in normally
User test can configure TOTP in Security settings.
If this works admin can force group test to use TOTP.
Please read the documentations. There you can find details to both ways of default 2FA.