Had some initial issues with installation and setting up email but these have now all been resolved. The issue I am currently having, and hoping someone can point me in the right direction, is that if we use accounts without 2FA then everything works as it should and the team can log in without any problems. However, if we enable 2FA on any of the accounts, it generates the 2FA email which the users receive after correctly typing their credentials into the user interface, but instead of the user interface displaying the 2FA verification page so the user can type in the code they received by email, it logs the user out (sends them back to the username/password page) and presents a green error banner with the message “You have been logged out because your session has expired”.
As soon as we remove 2FA on the account it all works again as expected, less the 2FA email or verification webpage of course.
The same errors occur independently of clearing cache locally and on the server and also tested with different client PC’s and different browsers and all give the same result.
Not sure if related, but another annoying issue is when the user logs out, they are unable to log in again on the same browser window without an error message “Login credentials incorrect, please try again.” - if they close the browser window and try again, works without any problems.
Appreciate you taking the time to come back to me as I had already spent some time trying to look into this issue, resolve the problem myself and to check out the existing posts in case anyone else had experienced the same thing. While a few issues had been logged before, they were either not quite the same or for different versions of the software. Thanks to you getting back to me, I can save time by stopping my search for a fix or something I had done wrong.
I have, as requested, added the issue to the GitHub project listing so hopefully, this will be reviewed shortly and we can look for a fix in due course.
Again I appreciate the time taken for you to reply.
We were informed soon after we posted the issue that it was being fixed in version 8.0.2 and you can currently download 8.0.3 but we have not revisited the testing for this feature ourselves so I can’t confirm it’s been fixed but we will be retesting in the coming weeks and when we have tested ourselves, I will post an update.
We find using Cloudflare’s Access feature in their Zero Trust platform works amazing. It covers 2-FA security for multiple apps where a user only has to provide one verification.
We have tested again with SuiteCRM 8.1.0 and the issue is still present and has not yet been fixed. We were originally told this was due to be addressed in version 8.0.2 but this clearly has not yet been sorted. I will update again if I have any further details.
Any updates on when 2FA will be fixed please as I would have thought this was critical to a number of people and also first told it was due to be fixed in 8.0.2 and current version 8.1.0?
and thanks for trying out SuiteCM 8.