2FA Authenticator App Registering form after login #8185 | Support

RobertSCG created 2 months ago

Hello ,

when logged in as a tenant admin i can enable two factor authentication for user from identity management-> users tab. Happy path : When user has his own microsoft authenticator app registered everything works well and after login when 2FA is enabled user is requested to put a verification code.

Sad path ( to correct ) : When user do not have registered his own microsoft authenticator he is beeing locked in some what on the 2FA step. Because he do not have any service provider to pass through:

What I want to achieve is to force the registration form for authenticator app after user is logged in only if the particular user do not have his own microsoft authenticator registered. So I want to show this wizard :

What is more i want to have a possibility to reset authenticator setting for particular user from tenant admin level. Basically to perform such action like on the screen below but from tenant admin level for particual user :

Note : All main settings from settings-management tab are set to optional from host admin level and tenant admin level as well.

I've checked documentation in here : https://abp.io/docs/latest/modules/identity/two-factor-authentication And also I've tried to search something in support forum but didn't found anything satisfying.

ABP Framework version: v8.3.0
UI Type: Blazor Server
Database System: EF Core (SQL Server)
Tiered (for MVC) or Auth Server Separated (for Angular): no

7 Answer(s)

0

maliming created 2 months ago
Support Team Fullstack Developer

hi

I will check&confirm the problem.
0

RobertSCG created 2 months ago

Hi , thanks for response ,

to clarify : Tiered (for MVC) or Auth Server Separated (for Angular): yes
0

maliming created 2 months ago
Support Team Fullstack Developer

Thanks.
0
maliming created 2 months ago
Support Team Fullstack Developer
hi

Are you using the v8.3.0?

I can't reproduce this problem.

I created a new user and enabled its 2fa.

I log in with this user, and there is no 2fa page.

If I add a Google authenticator, re-login will require the 2fa.

if I remove the Google authenticator. re-login will not require 2fa page.

What is your framework version and can you try to reproduce this in a new template project.

Thanks.
0

RobertSCG created 2 months ago

Hi,

yes the version is 8.3.0 .

The issue is on our side in the step when you will enable 2FA for user who have not registered a provider.

I will check it on empty project maybe some configuration is implemented which caused the issue. Do You have any idea what can affect this particular flow which You described ?

Thanks
0

maliming created one month ago
Support Team Fullstack Developer

hi

Do you use the account and identity source code in your project?

Can you share a project to reproduce the problem so that I can check it locally?

Thanks.

liming.ma@volosoft.com
0

maliming created one month ago
Support Team Fullstack Developer

hi

Solution:

If the target user doesn't have a 2FA provider, we will show a message on the Identity/User page: You can not enable two factor for this user because the user does not configured any two factor providers.

Have an answer to this question? Log in and write your answer.