Merge pull request #11634 from nextcloud/feat/adminmanual/two-factor-disable-cleanup-occ

feat(admin): occ twofactor:cleanup/disable
Christoph Wurst
2024-03-13 19:50:47 +01:00
committed by GitHub
2 changed files with 27 additions and 2 deletions


@@ -1,3 +1,5 @@
.. _occ:
=====================
Using the occ command
=====================
@@ -1730,13 +1732,13 @@ In the case of a user losing access to the second factor (e.g. lost phone with
two-factor SMS verification), the admin can try to disable the two-factor
check for that user via the occ command::
sudo -u www-data php occ twofactor:disable <uid> <provider_id>
sudo -u www-data php occ twofactorauth:disable <uid> <provider_id>
.. note:: This is not supported by all providers.
To re-enable two-factor auth again use the following commmand::
sudo -u www-data php occ twofactor:enable <uid> <provider_id>
sudo -u www-data php occ twofactorauth:enable <uid> <provider_id>
.. note:: This is not supported by all providers.
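Review bot: the unchanged context line "To re-enable two-factor auth again use the following commmand::" in this hunk has a typo ("commmand") and a redundant "again"; since the commands on both sides of it are being renamed, fix it in the same change. The visible hunks of this file rename `twofactor:disable` and `twofactor:enable` but do not add an entry for `twofactorauth:cleanup`, which the other file documents, so consider adding it here or pointing to the new `two-factor-auth` label so readers of the occ page can find it.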


@@ -1,3 +1,5 @@
.. _two-factor-auth:
=========================
Two-factor authentication
=========================
@@ -31,6 +33,16 @@ Once 2FA has been enabled, users have to `activate it in their personal settings
.. TODO ON RELEASE: Update version number above on release
Disabling two-factor authentication
-----------------------------------
Two-factor providers can be disabled via :ref:`occ <occ>`::
sudo -u www-data php occ twofactorauth:disable <uid> <provider_id>
User are free to enable this provider again via their personal settings.
.. note:: This operation has to be supported by the provider. If this support is missing, Nextcloud will abort and show an error.
Enforcing two-factor authentication
-----------------------------------
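Review bot: in the added "Disabling two-factor authentication" section, "User are free to enable this provider again" should read "Users are free to enable this provider again". The section also shows `<uid> <provider_id>` without saying where an admin finds the provider id, so a sentence on that would help. Because the text says users can turn the provider back on themselves, it is worth stating plainly that this command is a recovery step for a locked-out user and does not keep the provider off.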
@@ -53,3 +65,14 @@ a user has 2FA enforced:
* If no groups are selected, 2FA is enabled for everyone except members of the excluded groups
* If groups are selected, 2FA is enabled for all members of these. If a user is both in a
selected *and* excluded group, the selected takes precedence and 2FA is enforced.
Provider removal
----------------
Nextcloud keeps records about the enabled two-factor authentication providers of every user. If a provider is simply removed/:ref:`disabled <apps_commands_label>`, Nextcloud will still consider the provider active for the user at login and show a warning like *Could not load at least one of your enabled two-factor auth methods*.
The associations of removed providers can be cleaned up via :ref:`occ <occ>`::
sudo -u www-data php occ twofactorauth:cleanup <provider_id>
.. warning:: This operation is irreversible. Only run it for providers you do not intend to enable again.
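Review bot: the cleanup command in "Provider removal" takes only `<provider_id>` and no `<uid>`, and the warning calls it irreversible, but the text never says outright that it applies to the records of every user; add that sentence so an admin does not run it expecting a per-user effect. The `:ref:` target `apps_commands_label` is not defined in any hunk shown here, so confirm the label exists in the occ page before merging.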