Is there a way in SuiteCRM 8.8.0 to require all users to enable two-factor authentication?
I think you can do it per user.
Yes, right, but I’d like to enforce it globally so that every user must activate it. Is there a way to accomplish this?
Hey, I think if you do a mass update on the DB field (factor_auth, on version 8.8) it might reflect for all users. It might be better to test on a dev environment first beforehand.
Hello,
I’m sure there is a way - but not via the UI.
Check out this post, about the opposite:
Hello Catherine,
There are three fields in the users table, which seem to “activate / deactivate” the 2FA.
Set these to:
totp_secret = NULL
is_totp_enabled = 0
backup_codes = []
And then, the user can log in again and re-activate the 2FA.
Then, it’s important to copy and paste the backup codes into your password storage app.
Afterwards, the fields are being filled again (with encoded values - so it’s not possible to simply copy them and use them).
The challenge that I see is that the values in the DB are encoded. Suite seems to be using an internal encoding logic (not Base64) for that.
If you search for 2FA in the code, you’ll find a possible approach on how to automate this:
```php
        $this->cacheManagerHandler->markAsNeedsUpdate('app-metadata-user-preferences-' . $user->getId());

        $response = [
            'two_factor_disabled' => true
        ];

        return new Response(json_encode($response), Response::HTTP_OK);
    }

    #[Route('/2fa/enable-finalize', name: 'app_2fa_enable_finalize', methods: ["GET", "POST"])]
    public function enableFinalize2fa(#[CurrentUser] ?User $user, Security $security, Request $request, TotpAuthenticatorInterface $totpAuthenticator): Response
    {
        $auth_code = $request->getPayload()->get('auth_code') ?? '';
        $correctCode = $totpAuthenticator->checkCode($user, $auth_code);

        if ($correctCode) {
            $this->userHandler->setUserPreference('is_two_factor_enabled', true);

            $this->preparedStatementHandler->update(
                'UPDATE users SET is_totp_enabled = true WHERE id = :id',
                ['id' => $user->getId()],
```
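An added example, not from the thread or from SuiteCRM's code: an audit over the columns named above (`totp_secret`, `is_totp_enabled`) that shows which accounts have a complete TOTP enrolment and which would only carry the flag after a bare mass update. It runs against a constructed in-memory SQLite stand-in for the `users` table; the `user_name` column, the sample rows and the state labels are assumptions.

```python
import sqlite3

# Constructed sample rows (id, user_name, totp_secret, is_totp_enabled, backup_codes).
# Column names other than user_name come from the thread; all values are made up.
SAMPLE_USERS = [
    ("1", "admin", "ENCODED-SECRET-A", 1, '["encoded"]'),
    ("2", "catherine", None, 0, "[]"),               # reset state described in the thread
    ("3", "bob", None, 1, "[]"),                     # flag set by a bare UPDATE, no secret
    ("4", "dave", "ENCODED-SECRET-D", 0, "[]"),      # secret stored, flag still off
]

# Classify every account by the combination of flag and secret.
# 'secret_without_flag' is assumed to mean enrolment was started but not finalized.
AUDIT_SQL = """
SELECT user_name,
       CASE
         WHEN is_totp_enabled = 1 AND totp_secret IS NOT NULL THEN 'enrolled'
         WHEN is_totp_enabled = 1 AND totp_secret IS NULL     THEN 'flag_without_secret'
         WHEN is_totp_enabled = 0 AND totp_secret IS NOT NULL THEN 'secret_without_flag'
         ELSE 'not_enrolled'
       END AS state
FROM users
ORDER BY user_name
"""

def build_sample_db():
    """Create the constructed stand-in for the users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id TEXT PRIMARY KEY, user_name TEXT, "
        "totp_secret TEXT, is_totp_enabled INTEGER, backup_codes TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", SAMPLE_USERS)
    return conn

def audit_2fa(conn):
    """Return {user_name: state} for every account."""
    return dict(conn.execute(AUDIT_SQL).fetchall())

def needs_follow_up(states):
    """Accounts that do not have a complete enrolment."""
    return sorted(user for user, state in states.items() if state != "enrolled")

if __name__ == "__main__":
    states = audit_2fa(build_sample_db())
    for user, state in states.items():
        print(f"{user:10} {state}")
    print("follow up:", needs_follow_up(states))
```

The `CASE` expression is plain SQL, so the same query can be run read-only against a copy of the real database on a dev environment.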