Cloudron Forum

At the bottom of the user edit dialog there is a section for this. If the user has 2fa enabled it would look like this:

ba92d23e-ddaa-4850-bc1b-8078da14c862-image.png

@zion please always provide context.
As a reader I have to much space to interpret.

Do you mean:

private Cloudron Cloudron.io account A Cloudron App

?

@sufian-mughal Currently, this is not possible. This is because LDAP has no standard way of passing through LDAP information.

That said, usually apps are able to enable 2FA independently of LDAP. This means that users manage 2FA inside the app instead of Cloudron - it works this way for GitLab/Gitea etc for example.

For matrix, upstream is still working on it - https://github.com/matrix-org/matrix-spec-proposals/pull/1998

This is fixed in https://git.cloudron.io/cloudron/dashboard/-/commit/b3cdcb2adb4666f274ed23f2ab05428563531dc8

@LoudLemur I have seen this idea implemented on some services now.

I guess this will only work for the Cloudron dashboard?

@atridad yes it does. If you run cloudron --help you can see the "global" options on the top, which apply also to subcommands.

@rohit507 Use https://docs.cloudron.io/user-management/#password-reset-ssh to create a one time password to login. Once you logged in, you can disable the 2FA and re-set it up.

@girish That's awesome, thank you. I was going to do it and post the screenshots here, but paused, not sure if even starting the process would "turn it on" and then what... This is super helpeful.

Tested and confirmed fixed - thanks!

@archos no worries 🙂 glad you got that sorted out.

@girish thanks a lot, that sounds just right

@girish Thanks! - should have figured that out - didn't see the button 😊

@alexdimarco Added for next release.

27b68a07-8d7d-4715-a7cf-128adaf1dd60-image.png

@privsec That is what I personally call computer vodoo 🙂

I will mark this as solved. LDAP standard hasn't moved to support 2FA and neither have apps settled on a pseudo standard. There is not much we can do.

@JOduMonT Thanks! merged, should be part of our next deploy.

This is implemented in 5.4