refactor(admin): 2FA chapter clean-up #12446
Conversation
- Document the three bundled (shipped) 2FA providers. - Clarify what "providers" are and why they're important. - Re-order the sections. - Remove some outdated bits. - Eliminate some redundancies. - Misc tidying up. Signed-off-by: Josh <[email protected]>
joshtrichards
force-pushed
the
jtr/admin-refactor-2fa
branch
from
fed4213 to
0b74e40
Compare
|
/backport to stable30 |
|
/backport to stable29 |
|
Questions like "Why can't I use 2FA even though I've enabled it?" come up too often. Hoping this helps. :) |
| in on an account with two-factor authentication (2FA) enabled, it is necessary to provide both the | ||
| login password and another factor. 2FA in Nextcloud is pluggable, meaning that they are not part | ||
| of the Nextcloud Server component but provided by featured and 3rd-party Nextcloud apps. | ||
| in on an account when two-factor authentication (2FA) enabled, it is necessary to provide both the |
There was a problem hiding this comment.
it is necessary to provide -> you must provide
(direct language is often easier to understand)
| Nextcloud App store so by navigating there and clicking **enable** for the app | ||
| you want, 2FA will be installed and enabled on your Nextcloud server. | ||
| 2FA in Nextcloud is pluggable, meaning that various 2FA providers can be used to support different | ||
| types of factors. Three providers are automatically installed (but may need to be enabled): |
There was a problem hiding this comment.
What about webauthn that let's you use U2F devices: https://apps.nextcloud.com/apps/twofactor_webauthn
Is this another method, or does it count as something different?
| @@ -76,3 +83,14 @@ The associations of removed providers can be cleaned up via :ref:`occ <occ>`:: | |||
| sudo -u www-data php occ twofactorauth:cleanup <provider_id> | |||
|
|
|||
| .. warning:: This operation is irreversible. Only run it for providers you do not intend to enable again. | |||
|
|
|||
| Disabling two-factor authentication | |||
There was a problem hiding this comment.
For me the use case is, that a user has forgotten/lost their second factor. If there are different factors possible, I'd add a line to show 2FA status of the user first:
sudo -u www-data php occ twofactorauth:state <uid>
| @@ -76,3 +83,14 @@ The associations of removed providers can be cleaned up via :ref:`occ <occ>`:: | |||
| sudo -u www-data php occ twofactorauth:cleanup <provider_id> | |||
|
|
|||
| .. warning:: This operation is irreversible. Only run it for providers you do not intend to enable again. | |||
There was a problem hiding this comment.
Sound a bit like you can never use it again. It's just the current settings are all lost, and if you enable it you have to set up everything again (might be interesting for people who have messed up something with their setup)?
🖼️ Screenshots