• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.5 Adding 2 step verification for admins

AngelArs

Active member
#1
I'm having problems with my style, and the company that made it is asking for admin log in so that they can see if everything has been set up properly.

I created a "support" user account, but it is trying to force me to give that admin 2 step verification.

Is there a way to turn this requirement off - just for this one admin account - since they won't have my phone, and i'll be using this same "support" account for other companies?

Thanks.
 
Last edited:

Brogan

XenForo moderator
Staff member
#2
If you have checked 'Require two-step verification to access the admin control panel' then there is no way you can disable it for a specific account.

You will either have to uncheck that or provide a back up code to the person logging in.
 

AngelArs

Active member
#3
OK thanks Brogan. While we're on this "support admin" topic, what permissions do you recommend that we turn OFF for this temporary admin.

For example, I know I should turn off "Ban Permissions" so that they can't ban us and take over the site, but what other admin permissions do you recommend that we turn off for their account (so that the main admin is protected)?

Thanks.
 

tommydamic68

Well-known member
#4
OK thanks Brogan. While we're on this "support admin" topic, what permissions do you recommend that we turn OFF for this temporary admin.

For example, I know I should turn off "Ban Permissions" so that they can't ban us and take over the site, but what other admin permissions do you recommend that we turn off for their account (so that the main admin is protected)?

Thanks.
I would imagine if its just a style issue, just ticking this setting would be fine. I'm guessing its a reputable developer?

Screen Shot 2016-03-05 at 8.51.31 AM.png
 

Brogan

XenForo moderator
Staff member
#5
what other admin permissions do you recommend that we turn off for their account (so that the main admin is protected)?
If it's a regular admin account then it won't be able to change any settings of the super admin account.

Really it's up to you what permissions you grant, depending on the scope of work you anticipate those using the support account are going to need.
 

wang

Well-known member
#8
You can disable it temporarily by adding this code in your config.php file.

PHP:
$config['enableTfa'] = false;
 

AngelArs

Active member
#10
You have likely forced it using a user group permission as well ("Require two-step verification").
I have turned it off every place I can think of. When I log back into my forum it gives this error:

You must enable two-step verification to continue.


It's not giving me the option to not use it. It's saying use it or even I, as the root admin, can't log in.
 

Amaury

Well-known member
#11
It sounds like you're able to access the ACP. If you can, you can reset it for yourself and other users:

KHF 2FA.PNG

Then ensure you don't have it required for either the ACP or individual user groups as Mike suggested:
  • ACP > Options > Admin Control Panel > Require two-step verification to access the admin control panel
  • ACP > Users > User Groups > [Choose User Group] > General Permissions > Require two-step verification
 

AngelArs

Active member
#12
We tried that. It does disable 2 step, BUT then it forces you to turn it back on or it prevents you from logging back into the forum.

The only thing that has worked so far is the config file code provided above.
 

Tracy Perry

Well-known member
#13
We tried that. It does disable 2 step, BUT then it forces you to turn it back on or it prevents you from logging back into the forum.

The only thing that has worked so far is the config file code provided above.
Have you looked here to make sure it's disabled.

Screen Shot 2016-03-06 at 11.58.44 PM.png
 

Tracy Perry

Well-known member
#15
Was it checked prior to this?
If you are using any caching (memcached/redis) clear your server cache (usually restarting the PHP processor and the server (redis/memcached) will do it.
 

Tracy Perry

Well-known member
#17
If it's unchecked, and you've cleared your cache and it's still happening, then either you have an additional cache between the server and the user (a proxy?) or you have a user group setting configured to force it.
 

AngelArs

Active member
#18
You can disable it temporarily by adding this code in your config.php file.

PHP:
$config['enableTfa'] = false;
This is no longer working. When I add it to the config file all I see is a white page. Can you think of any reason why this would happen?

Also, if I give someone a username and password to enter the admin panel, and they assign 2 step for that username, can I (as the root admin) still change the password afterward for that username (or delete the username)?
 

wang

Well-known member
#19
This is no longer working. When I add it to the config file all I see is a white page. Can you think of any reason why this would happen?


I do not see any reason why you should get any blank page.

Also, if I give someone a username and password to enter the admin panel, and they assign 2 step for that username, can I (as the root admin) still change the password afterward for that username (or delete the username)?
Yes, you can do both things for that username, or for any other member in your forum.