For Nextcloud 18 and MFA, I’m looking for a way to enabled MFA only when our Nextcloud is accessed externally (outside our network). Our small company doesn’t have general staff access Nextcloud from outside our office so forcing MFA on Nextcloud all the time doesn’t makes sense for us. But the owners of this small business may access their Nextcloud files externally. I would like to implement MFA before they login from external. Is this possible to setup in Nextcloud?
Basically what I’m looking for is a hybrid solution:
When Nextcloud is accessed locally on our network all users (including owners) will just use their password.
When Nextcloud is accessed externally users will need to use MFA (google authentication and user password)
I don’t think so.
The MFA requirement in Nextcloud can be applied (or not) depending on group membership.
What you are looking for as a differentiator is the IP address a user is coming from…
You could put your Nextcloud server on your private network, without MFA.
To get access to it from outside, users would need to go through a firewall that can require OTP.
But this setup would need a different MFA engine and firewall to be installed…
I wouldn’t dig this deep when trying to improve security. But you can try it.
Keep the original versions of the files you are editing to easily go back if needed…
I agree @anon71540698, this is going beyond what I want to implement in our small office Nextcloud. I think a strong password for each user rotated will help me with security.