enable and disable 2fa for users

aratokenaratoken
in Windows command line
Hi! i am recently using the windows version to secure rdp logins on my server, so far its working fine. However i am a bit confused regarding the "iswithout2fa" option through the command line: I tried to set this option for two users for testing purposes, setting it for my Administrator (using the Administrator) worked fine but configuring it for another testuser did not seem to work. If i log in with said user and set it, it works without issues but in return i cannot set the option for other users (for example the Administrator). Is there a restriction as to how/where to set the without2fa option that i'm missing? In both cases (working and not) i got no output on my cli after using the command at all. Also: am i assuming correctly that the "iswithout2fa" can only be removed with a restart of the whole system? I couldn't find any option for it in the help output and i noticed that after restarting the server because of updates that 2FA was re-enabled for a user i previously disabled it using that option. Thank you and best regards!

Comments

  • adminfadminf
    Hello,
    Did you deploy a local version only, or do you have also a multiOTP Open Source Server ?
    Of course, except the Administrator, a user cannot switch the 2FA check to "without2fa" for another user.
    Please note also that the option -iswithout2fa is only to know if a user don't need 2FA, but if you don't want to ask 2FA for a specific user, you have to change his token default algorithm to "without2fa".
    Regards,
  • aratokenaratoken
    Hi, thanks for your reply! Yes, i am using the local only version. Can you tell me where i am supposed to change the token to disable 2fa? Can i modify the user config files for that directly or is there another way?
  • adminfadminf
    Hello,
    The easiest way is to delete the user and recreate it with a "without2fa" token.
    Regards,
Sign In or Register to comment.

© Vanilla Keystone Theme 2025