Hello, i have successfully integrated 2 factor authentication for the back office users via an authenticator app.
However, the client has provided another requirement now that all users must have 2 factor authentication enabled. So i was thinking that there might be someway to intercept an initial login and make it a requirement that they complete the 2 factor authentication process before completing login.
Is this do-able and if so are there any examples of redirecting the initial authentication method.
I'm not sure this is helpful, but I was just looking coincidentally at a project today which has 'turned off' local logins, so it can only work via the third party authentication.
This is achieved by setting DenyLocalLogin to true, on the BackOfficeExternalLoginProviderOptions
Yeah we ended up implementing it with Azure AD which enabled us to disable local users as suggested above, but for my own interest i still want to work out if we can force local users to set up multi factor authentication, but thank you for your response.
Enforce Back Office 2 Factor Authentication
Hello, i have successfully integrated 2 factor authentication for the back office users via an authenticator app.
However, the client has provided another requirement now that all users must have 2 factor authentication enabled. So i was thinking that there might be someway to intercept an initial login and make it a requirement that they complete the 2 factor authentication process before completing login.
Is this do-able and if so are there any examples of redirecting the initial authentication method.
I used the following as a basis for my MFA setup
https://docs.umbraco.com/umbraco-cms/v/10.latest-lts/reference/security/two-factor-authentication#notification-when-2fa-is-requested-for-a-user
Hi James
I'm not sure this is helpful, but I was just looking coincidentally at a project today which has 'turned off' local logins, so it can only work via the third party authentication.
This is achieved by setting DenyLocalLogin to true, on the BackOfficeExternalLoginProviderOptions
https://github.com/umbraco/Umbraco-CMS/blob/33adbf41fa1f5c5d0759c70a7116114107addf56/src/Umbraco.Web.BackOffice/Security/BackOfficeExternalLoginProviderOptions.cs
I'm not sure if this will be of use for 2FA or whether that is something else?
regards
Marc
Yeah we ended up implementing it with Azure AD which enabled us to disable local users as suggested above, but for my own interest i still want to work out if we can force local users to set up multi factor authentication, but thank you for your response.
I came across the minOrange's solution while researching on how to implement MFA for my Umbraco 10 application.
LINK: https://plugins.miniorange.com/umbraco-two-factor-authentication-2fa
These guys have allowed me to force local users to set up multi factor authentication.
You can try it out.
is working on a reply...