1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.5 Adding 2 step verification for admins

Discussion in 'XenForo Questions and Support' started by AngelArs, Mar 5, 2016.

  1. AngelArs

    AngelArs Active Member

    I'm having problems with my style, and the company that made it is asking for admin log in so that they can see if everything has been set up properly.

    I created a "support" user account, but it is trying to force me to give that admin 2 step verification.

    Is there a way to turn this requirement off - just for this one admin account - since they won't have my phone, and i'll be using this same "support" account for other companies?

    Last edited: Mar 5, 2016
  2. Brogan

    Brogan XenForo Moderator Staff Member

    If you have checked 'Require two-step verification to access the admin control panel' then there is no way you can disable it for a specific account.

    You will either have to uncheck that or provide a back up code to the person logging in.
  3. AngelArs

    AngelArs Active Member

    OK thanks Brogan. While we're on this "support admin" topic, what permissions do you recommend that we turn OFF for this temporary admin.

    For example, I know I should turn off "Ban Permissions" so that they can't ban us and take over the site, but what other admin permissions do you recommend that we turn off for their account (so that the main admin is protected)?

  4. tommydamic68

    tommydamic68 Well-Known Member

    I would imagine if its just a style issue, just ticking this setting would be fine. I'm guessing its a reputable developer?

    Screen Shot 2016-03-05 at 8.51.31 AM.png
  5. Brogan

    Brogan XenForo Moderator Staff Member

    If it's a regular admin account then it won't be able to change any settings of the super admin account.

    Really it's up to you what permissions you grant, depending on the scope of work you anticipate those using the support account are going to need.
  6. AngelArs

    AngelArs Active Member

    First time dealing with them so I'm hoping :)
  7. AngelArs

    AngelArs Active Member

    I have this unchecked, but it's forcing me to turn it back on by giving this message:

    "You must enable two-step verification to access the control panel."
  8. wang

    wang Well-Known Member

    You can disable it temporarily by adding this code in your config.php file.

    $config['enableTfa'] = false;
  9. Mike

    Mike XenForo Developer Staff Member

    You have likely forced it using a user group permission as well ("Require two-step verification").
  10. AngelArs

    AngelArs Active Member

    I have turned it off every place I can think of. When I log back into my forum it gives this error:

    You must enable two-step verification to continue.

    It's not giving me the option to not use it. It's saying use it or even I, as the root admin, can't log in.
  11. Amaury

    Amaury Well-Known Member

    It sounds like you're able to access the ACP. If you can, you can reset it for yourself and other users:


    Then ensure you don't have it required for either the ACP or individual user groups as Mike suggested:
    • ACP > Options > Admin Control Panel > Require two-step verification to access the admin control panel
    • ACP > Users > User Groups > [Choose User Group] > General Permissions > Require two-step verification
  12. AngelArs

    AngelArs Active Member

    We tried that. It does disable 2 step, BUT then it forces you to turn it back on or it prevents you from logging back into the forum.

    The only thing that has worked so far is the config file code provided above.
  13. Tracy Perry

    Tracy Perry Well-Known Member

    Have you looked here to make sure it's disabled.

    Screen Shot 2016-03-06 at 11.58.44 PM.png
  14. AngelArs

    AngelArs Active Member

    Yes Tracy, it is UNchecked.
  15. Tracy Perry

    Tracy Perry Well-Known Member

    Was it checked prior to this?
    If you are using any caching (memcached/redis) clear your server cache (usually restarting the PHP processor and the server (redis/memcached) will do it.
  16. AngelArs

    AngelArs Active Member

    Not after I created the "Support" user.
  17. Tracy Perry

    Tracy Perry Well-Known Member

    If it's unchecked, and you've cleared your cache and it's still happening, then either you have an additional cache between the server and the user (a proxy?) or you have a user group setting configured to force it.
  18. AngelArs

    AngelArs Active Member

    This is no longer working. When I add it to the config file all I see is a white page. Can you think of any reason why this would happen?

    Also, if I give someone a username and password to enter the admin panel, and they assign 2 step for that username, can I (as the root admin) still change the password afterward for that username (or delete the username)?
  19. wang

    wang Well-Known Member

    I do not see any reason why you should get any blank page.

    Yes, you can do both things for that username, or for any other member in your forum.
  20. AngelArs

    AngelArs Active Member

    Thank you. Appreciate the help.
    wang likes this.

Share This Page