TOTP installed. Adding a new user in NC will not give them a TOTP to scan for login

Nextcloud 18.0.6
1 admin user
TOTP v4.1.3 enabled

Added a regular new user. Not admin.
When they log in they get the TOTP window.
The new user was not given any barcode to scan or any way to access TOTP at creation.
They cannot log in.

In NC Admin User Settings there is no TOTP access info.

In NC admin settings / security:
Unchecked “Enforce Two Factor authentication”
Also disabled TOTP app
User logs in with l/p, then the next page returns:
"Two-factor authentication Could not load at least one of your enabled two-factor auth methods. Please contact your admin."

Tried setting user group in “Two-factor authentication is not enforced for members of the following groups.” Did not help.

Not sure how to simply create a new user with TOTP enabled and give them TOTP access.

Tried all variations of TOTP enabling, disabling, unchecking etc.

How should it work to set up a 2FA authentication before a user has at least identified himself once?! A 2FA mechanism requires an initial login first, before users can set up the mechanism on their own. I would recommend that you install the Two-Factor Admin Support app and provide a one-time code for new users so that they can log in and directly set up their 2FA application.

Old thread I know - sorry.

The overall general flaw, or lacking feature, for Nextcloud installations with many users is that this is a manual support task for every new user.

It still surprises me - negatively - that with every release the feature of autogenerating and emailing a one-time OTP using the Two-Factor Admin Support app when new users are created is still not implemented.

In truth it pains me so much in regards to manual administration overhead that I have decided to use federated login behind a Gluu server. The Gluu server can point to an external RADIUS server as a fall-back solution, where I can set a one-time code I decide in a very simple server-side script. On the plus side I have an LDAP backend for Nextcloud, so the RADIUS server need not have its own user database in sync with Nextcloud.
However, it would be much simpler and much MUCH more powerful if Nextcloud could have support for this when sending the welcome mail. An even better solution would be to add a unique link in the mail that points the user to a page where the user logs in with username and password, a separate email is sent with a one-time code that needs to be provided, and then a barcode is presented for the user to scan. That solution is as secure as it can be when involving email, as the user has to:

  1. Actively click the link in the welcome mail, which can be made active only for a given period.
  2. Use the credentials provided during registration.
  3. Wait for an email in an active session.
  4. Provide the one time code sent by email in that same session.
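
The onboarding flow proposed above, as an added example that is not part of this thread or of Nextcloud's code: it models the time-limited welcome link, the one-time mail code bound to the active session, and the final TOTP provisioning step in one stand-alone script. All keys, user names and session ids are constructed for the example, and step 2 (password verification) is assumed to be handled by the existing login.

```python
import base64, hashlib, hmac, secrets, struct
from urllib.parse import quote

SERVER_KEY = secrets.token_bytes(32)  # constructed: per-deployment signing key

def make_enrol_link(user, now, ttl=86400):
    """Step 1: signed, expiring token carried in the welcome-mail link."""
    exp = int(now) + ttl
    sig = hmac.new(SERVER_KEY, f"{user}:{exp}".encode(), hashlib.sha256).hexdigest()
    return f"{user}:{exp}:{sig}"

def check_enrol_link(token, now):
    """Return the user if the link is untampered and still valid, else None."""
    user, exp, sig = token.split(":")
    good = hmac.new(SERVER_KEY, f"{user}:{exp}".encode(), hashlib.sha256).hexdigest()
    return user if hmac.compare_digest(sig, good) and int(now) < int(exp) else None

pending = {}  # session_id -> [user, code, expiry]; one outstanding code per session

def send_mail_code(session_id, user, now, ttl=600):
    """Step 3: short-lived one-time code tied to the session that asked for it."""
    code = f"{secrets.randbelow(10**6):06d}"
    pending[session_id] = [user, code, int(now) + ttl]
    return code  # would be emailed; returned so the caller can simulate the mail

def check_mail_code(session_id, user, code, now):
    """Step 4: must be the same session, same user, unexpired, and is consumed on use."""
    entry = pending.pop(session_id, None)
    if entry is None:
        return False
    u, c, exp = entry
    return u == user and hmac.compare_digest(c, code) and int(now) < exp

def totp(secret_b32, t, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1), used to confirm the scanned secret works."""
    key = base64.b32decode(secret_b32 + "=" * (-len(secret_b32) % 8))
    mac = hmac.new(key, struct.pack(">Q", int(t) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10**digits
    return f"{code:0{digits}d}"

def provision_totp(user, issuer="Nextcloud"):
    """Final step: fresh secret plus the otpauth URI an authenticator app scans."""
    secret = base64.b32encode(secrets.token_bytes(20)).decode().rstrip("=")
    uri = f"otpauth://totp/{quote(issuer)}:{quote(user)}?secret={secret}&issuer={quote(issuer)}"
    return secret, uri
```
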

  1. Enforce 2FA for your users
  2. The users will be asked to set up TOTP during their first login

done.

Ok? Was that a bug that has since been fixed?

I have been through that already, and a new user was not asked to set up 2FA at first logon. No, the user could not log in as he did not yet have 2FA set up.

Sent from ProtonMail mobile

-------- Original message --------
On 12 Apr 2021 08:29, Christoph Wurst via Nextcloud community <noreply@nextcloud.com> wrote:

I have the same problem.

I have Nextcloud version 22.1.1 in use and it is no longer possible to create new users with OneTime Password.

Is there a workaround to create new users that don't have a second factor yet?