Hello @marklcm
Thank you very much for trying our plugin. I am sorry to read about your issues; however, I do not understand the problem. I need more details to help you troubleshoot and fix the issue.
It seems like you have three issues:
1) Shop manager is showing as not allowed even though it is enabled.
2) Admin role is shown as configured even though it is not.
3) When you navigate to user profile pages, there is always the button configure 2FA, regardless of the settings.
Is the above correct? If it is correct, let’s start troubleshooting one problem at a time.
To start off with, can you please confirm that you have the latest version of the plugin installed (version 1.7)?
Even though the shop manager is showing as not allowed, what are the policies that you have in place?
Looking forward to hearing from you.
Thank you for your plugin. I have 1.7 running. Everything else up to date.
I have had it active for some time with no problems, only in use for admins.
Point one: correct
Point two: no, it is working fine for the admin role. (as configured)
Point three: The profile page for admins shows three buttons: “Change 2Fa Settings”, “Remove 2FA”, and “Generate Back up Codes”.
The profile page for other roles only shows one button “Configure 2FA”.
I would really like it to display the “Generate Back up Codes” button as well.
By policies do you mean plugin settings? If so they are:
Primary 2FA methods: One-time code via 2FA App; Backup codes
Enforce 2FA on: Only for specific users and roles: Admin, Editor, Shop Manager and Mailpoet
(I have only just enabled the latter two, and have nobody in the Editor role)
Grace period: 7 days
No redirection
No front end settings page
Hide the Remove 2FA button is unchecked
Limit access to 2FA settings is unchecked.
Thank you for the information @marklcm
Response to point 1: We are aware of it and we will fix it in the upcoming update of the plugin.
Response to point 3: The 2FA Backup Codes are a backup 2FA method, which means they cannot be used on their own. A user must have a 2FA method (TOTP or email) configured first to be able to configure the backup codes.
That is why on the user profile pages you are only seeing “Configure 2FA”. The “Generate backup codes” button will only appear once a user configures a primary 2FA method.
I hope the above helps. Should you require any further information, please do not hesitate to ask.
Have a great day.
Thank you for your reply.
Could I suggest that the user experience in this situation would be greatly improved if some information were added, a single line saying something like:
After setup, you will be able to generate backup codes to use if you lose your phone.
Indeed, that is a very good recommendation @marklcm
We will add it in the next update. In the meantime please do not forget to rate our plugin and service. These reviews really help us.