Two-Factor Admin Support - interfaces

Hi
On our instance we have installed the 2FA app "Two-Factor TOTP Provider"
https://instance-hostname/index.php/settings/apps/security/twofactor_totp
At this point users can opt to enable 2FA or not.

In addition we have recently installed the Two Factor Admin Support app on our NextCloud instance. in order to handle users who have problems with 2FA. This App is at https://instance-hostname/index.php/settings/apps/security/twofactor_admin

The App works fine - our SysAdmin was able to get one-time codes from the “occ” command line interface which we could use to unlock accounts with 2FA set.

But we do not necessarily want to involve our Sysadmin with user management.

The regular interface via a web browser provides a user in the Admin group various functionality for managing end users - such as creating accounts, deleting accounts, and resetting passwords.

If the Two-Factor Admin Support functionality is available to the Admin user with web browser, could someone advise exactly where that option should show up.

Related, as an Admin user with web browser we do not seem to be able to see which of our users have selected a 2FA option. Is there a way to get that information to come up in the regular interface at https://instance-hostname/index.php/settings/users

Thanks

As I mentioned previously, OCC is the only way to use Two Factor Admin Support.

I’m not sure about checking who has actually configured one of the 2FA apps for their account, but the best practice is to require it for all users.

Users losing their 2FA method should be a rare occurrence.

Solved my own problem.

Use case - user accessing NextCloud via the web interface, where user is a member of the Admin group.

  • Click on user icon top right, then on “Settings”
  • Scroll down left hand sidebar to “Administration”, option “Security”
  • URL should now be __https://[hostname]/index.php/settings/admin/security
  • Scroll down now in the right hand window to find “Two-Factor Admin”
  • That should allow you do generate a one time token to allow a user with 2FA configured to log in

Ah. Looking at the change log, this feature was added in September, and for whatever reason they didn’t update the documentation.