Unlink TFA from specific accounts

ivan · 12 May 2025 14:54

Running LATEST docspace on Ubuntu 24

Hi, I’d like to be able to REMOVE the requirement for a specific account to use TFA and THEN FORCE a new QR code to be generated for the same account to be scanned into 2FAS (or google authenticator)

I don’t want to allow access by IP OR SMS address, but 2FA ONLY

Trying to figure out HOW to use curl for this.

[1] Get an admin token ( I have the admin user/pass for docpsce)
curl -u adminuser:adminpass https://yourportal.onlyoffice.com/api/2.0/people/@self

[2] remove TFA from the account
curl -L -X PUT ‘/api/2.0/settings/tfaappnewapp’
-H ‘Content-Type: application/json’
-H ‘Accept: application/json’
-d ‘{
“type”: “None”,
“id”: “aae1e103-bca5-9fa1-ba8c-42058b4abf28”,
“trustedIps”: [
“some text”
],
“mandatoryUsers”: [
“75a5f745-f697-4418-b38d-0fe0d277e258”
],
“mandatoryGroups”: [
“75a5f745-f697-4418-b38d-0fe0d277e258”
]
}’

Some guidance here would be useful.

Need to let someone add a NEW QR code and enable TFA for the same account to a NEW device as their old phone id dead

Thanks
Ivan

Constantine · 14 May 2025 10:32

Hello @ivan

Please let me know how TFA was enabled initially and version of DocSpace.

ivan · 14 May 2025 15:51

Hello Constantine.

Document management:
LSC DocSpace
v.3.1.0
Online editors:
LSC Docs
v.8.3.3.18
Software license:
AGPL-3.0

the MFA was enabled for everyone via security->enabled 2FA by app via the UI using the docspace owner account.

Thnks
Ivan

Constantine · 15 May 2025 13:47

Have you tried resetting the app from context menu in Contacts section of DocSpace? I think it’d be easier to do it that way, so from the main page of your DocSpace you can access Contacts section and as an admin right-click user for whom TFA must be reset and select necessary item in the menu.

ivan · 15 May 2025 17:22

Will try that, sorry I missed it .

Constantine · 16 May 2025 14:54

Let me know if it works for you.