Unable to Reset or Disable 2FA for Locked-Out Users in SuiteCRM 8

Hi Team,

We are using the built-in two-factor authentication (2FA) feature in SuiteCRM 8, which works via an authenticator app.

However, we’ve encountered a usability issue — if a user loses access to their authenticator app or device, the admin has no way to disable or reset 2FA for that user. This essentially locks the user out permanently and prevents them from logging in.

Is there any way (either through the UI or database) for the admin to reset or disable 2FA for specific users?
Or is this a known limitation/bug in the current core implementation?

Looking forward to any suggestions or official guidance.

Thanks in advance!

There should be related tables in the database; for example, check out the users table. Maybe you will be able to disable 2FA for the user.

I can see factor_auth and factor_auth_interface columns in the users table.

@suitecrm_team, are there any other ways to handle this situation?

@BastianHammer, do you know the solution?

Hello Catherine,

There are three fields in the users table, which seem to “activate / deactivate” the 2FA.

Set these to:

  • totp_secret = NULL
  • is_totp_enabled = 0
  • backup_codes = []


And then, the user can login again and re-activate the 2FA.

Then, it’s important to copy and paste the backup codes into your password storage app.

Afterwards, the fields are filled again (with encoded values, so it's not possible to simply copy them and use them).

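The same reset as a MySQL/MariaDB script, added here as an example and not taken from BastianHammer's post or from SuiteCRM's own code. The three column names (totp_secret, is_totp_enabled, backup_codes) are the ones named in the thread; the user_name and deleted columns of the users table, the example login 'jdoe', and the string '[]' as the stored form of an empty backup_codes value are assumptions. It wraps the change in a transaction and records the row before and after so the admin can confirm that exactly one account was touched, and roll back if not.

```sql
-- Added example, not from the original post or from SuiteCRM.
-- Resets the built-in TOTP 2FA for a single SuiteCRM 8 user by clearing the
-- three fields named in the thread. Assumptions: the `users` table has
-- `user_name` and `deleted` columns, '[]' is the stored form of an empty
-- backup_codes value, and 'jdoe' is the locked-out login.
-- Only run this after verifying the user's identity out of band and after
-- taking a database backup.

START TRANSACTION;

-- 1. Record the state before the reset (keep this output with the ticket).
SELECT id,
       user_name,
       is_totp_enabled,
       totp_secret IS NOT NULL AS has_secret,
       backup_codes
  FROM users
 WHERE user_name = 'jdoe'      -- assumed example login
   AND deleted = 0;

-- 2. Clear the three 2FA fields for exactly that user. The WHERE clause is
--    deliberately narrow: never run this UPDATE without it.
UPDATE users
   SET totp_secret     = NULL,
       is_totp_enabled = 0,
       backup_codes    = '[]'
 WHERE user_name = 'jdoe'
   AND deleted = 0;

-- 3. Sanity check: the previous statement must have changed exactly one row.
--    If rows_updated is anything other than 1, issue ROLLBACK instead of COMMIT.
SELECT ROW_COUNT() AS rows_updated;

-- 4. Confirm the fields are now cleared before committing.
SELECT id,
       user_name,
       is_totp_enabled,
       totp_secret,
       backup_codes
  FROM users
 WHERE user_name = 'jdoe'
   AND deleted = 0;

COMMIT;
```

After the commit the user logs in with their password only and re-enrols an authenticator; the old secret and old backup codes are gone, so nothing from the lost device will work again. Save the newly generated backup codes in a password manager straight away, as the thread recommends, since once the row is re-populated the stored values are encoded and cannot be read back out of the table.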

Hi @BastianHammer,

Thank you for the help.
It’s working.
