MFA-TOTP force it for every session (desktop client)

Hi everybody,

we have installed a nextcloud with TOTP-MFA App activated and forced for some groups. It works fine so far, but one negative thing is, that the desktop client only asks for the MFA in the first config step, after that the MFA token is never asked again. How can I force it, so that when the user clicks on the nextcloud plugin-connection in the windows explorer, the user will be asked for the MFA token?

Thx in advance and kind regards,

hi @ftlstw welcome to the forum :handshake:

the fact desktop client logs in once and remain logged in for longer time is by design. “in general” nobody wants MFA every time you access files - this kills user experience and brakes functionality (like sync - this will stop once MFA is enforced).

I can’t help you (and I don’t recommend it) but you could look at config.php parameters related to sessions and review if you can achieve your goal reducing session timeout and enabling auto_logout…

… and windows explorer is not really connected with desktop client… it just shows the file existing locally - so once the file exists on the local drive it is out of control of NC client… (VFS makes it little harder to understand but the principle is the same).