Activities of "RobertSCG"

All Question Answer
Newest Oldest
2 Factor Authentication with Forced options - show authenticator app wizard #8534
Question

Hello ,

I've check recommended solution from this issue , https://abp.io/support/questions/8185/2FA-Authenticator-App-Registering-form-after-login .

It works fine but we would like to ask about forcing an authenticator app wizard. Scenario :

  1. Login as a admin host
  2. Go to Administration - Settings - Account - Two Factor tab : Force Two factor authentication

  1. Logout

  2. Login as a tenant admin , without configured Authenticator App

  3. The result - You are logged in

checked on pure tiered project using newest abp framework 9.0.2 , with @volo/account": "~9.0.2"

Expected result : User sees the authenticator app configuration wizard , configures the app and login with 2FA.

**Notes and thoughts: **

  • such expected scenario is a standard behaviour while logging in to application on which the 2factor authentication is enabled ( in example all microsoft applications , when do not recognize user , performs an authenticator app wizard just after loggin in )

  • from admin host perspective , when I set the Two factor option to Forced, I expect every user while loggin in to have an authenticator app wizard opened - if not configured.

  • ABP Framework version: v9.0.2

  • UI Type: Blazor Server

  • Database System: EF Core (SQL Server)

  • Tiered (for MVC) or Auth Server Separated (for Angular): yes

2FA Authenticator App Registering form after login #8185
Question

Hello ,

when logged in as a tenant admin i can enable two factor authentication for user from identity management-> users tab. Happy path : When user has his own microsoft authenticator app registered everything works well and after login when 2FA is enabled user is requested to put a verification code.

Sad path ( to correct ) : When user do not have registered his own microsoft authenticator he is beeing locked in some what on the 2FA step. Because he do not have any service provider to pass through:

What I want to achieve is to force the registration form for authenticator app after user is logged in only if the particular user do not have his own microsoft authenticator registered. So I want to show this wizard :

What is more i want to have a possibility to reset authenticator setting for particular user from tenant admin level. Basically to perform such action like on the screen below but from tenant admin level for particual user :

Note : All main settings from settings-management tab are set to optional from host admin level and tenant admin level as well.

I've checked documentation in here : https://abp.io/docs/latest/modules/identity/two-factor-authentication And also I've tried to search something in support forum but didn't found anything satisfying.

  • ABP Framework version: v8.3.0
  • UI Type: Blazor Server
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no
Showing 1 to 2 of 2 entries
Made with ❤️ on ABP v9.1.0-preview. Updated on December 26, 2024, 06:07