XF 1.5 Adding 2 step verification for admins

AngelArs

Active member
I'm having problems with my style, and the company that made it is asking for admin log in so that they can see if everything has been set up properly.

I created a "support" user account, but it is trying to force me to give that admin 2 step verification.

Is there a way to turn this requirement off - just for this one admin account - since they won't have my phone, and i'll be using this same "support" account for other companies?

Thanks.
 
Last edited:
If you have checked 'Require two-step verification to access the admin control panel' then there is no way you can disable it for a specific account.

You will either have to uncheck that or provide a back up code to the person logging in.
 
OK thanks Brogan. While we're on this "support admin" topic, what permissions do you recommend that we turn OFF for this temporary admin.

For example, I know I should turn off "Ban Permissions" so that they can't ban us and take over the site, but what other admin permissions do you recommend that we turn off for their account (so that the main admin is protected)?

Thanks.
 
OK thanks Brogan. While we're on this "support admin" topic, what permissions do you recommend that we turn OFF for this temporary admin.

For example, I know I should turn off "Ban Permissions" so that they can't ban us and take over the site, but what other admin permissions do you recommend that we turn off for their account (so that the main admin is protected)?

Thanks.
I would imagine if its just a style issue, just ticking this setting would be fine. I'm guessing its a reputable developer?

Screen Shot 2016-03-05 at 8.51.31 AM.webp
 
what other admin permissions do you recommend that we turn off for their account (so that the main admin is protected)?
If it's a regular admin account then it won't be able to change any settings of the super admin account.

Really it's up to you what permissions you grant, depending on the scope of work you anticipate those using the support account are going to need.
 
It sounds like you're able to access the ACP. If you can, you can reset it for yourself and other users:

KHF 2FA.webp

Then ensure you don't have it required for either the ACP or individual user groups as Mike suggested:
  • ACP > Options > Admin Control Panel > Require two-step verification to access the admin control panel
  • ACP > Users > User Groups > [Choose User Group] > General Permissions > Require two-step verification
 
We tried that. It does disable 2 step, BUT then it forces you to turn it back on or it prevents you from logging back into the forum.

The only thing that has worked so far is the config file code provided above.
 
Was it checked prior to this?
If you are using any caching (memcached/redis) clear your server cache (usually restarting the PHP processor and the server (redis/memcached) will do it.
 
If it's unchecked, and you've cleared your cache and it's still happening, then either you have an additional cache between the server and the user (a proxy?) or you have a user group setting configured to force it.
 
You can disable it temporarily by adding this code in your config.php file.

PHP:
$config['enableTfa'] = false;
This is no longer working. When I add it to the config file all I see is a white page. Can you think of any reason why this would happen?

Also, if I give someone a username and password to enter the admin panel, and they assign 2 step for that username, can I (as the root admin) still change the password afterward for that username (or delete the username)?
 
This is no longer working. When I add it to the config file all I see is a white page. Can you think of any reason why this would happen?


I do not see any reason why you should get any blank page.

Also, if I give someone a username and password to enter the admin panel, and they assign 2 step for that username, can I (as the root admin) still change the password afterward for that username (or delete the username)?

Yes, you can do both things for that username, or for any other member in your forum.
 
Back
Top Bottom