• Hi,

    My users have “Required but not configured” 2FA status even though my settings are:
    1. Enforce 2FA on all users
    2. I gave a grace period of 3 days only (it’s been 2 weeks), and then ” Do not let them access the dashboard / user page once they log in until they configure 2FA” but they connect multiple times each day.

    It looks like I had left users see the “remove 2FA button” on their profile. Maybe that’s why?
    If so, I want to enforce 2FA on them again. How can I do that?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor robertabela

    (@robert681)

    Thank you for using our plugin @msstm

    Users have to configure 2FA themselves, so even if you enforce 2FA on them, if they do not log their 2FA will remain non-configured. Even if you set the grace period to 3 days.

    This is exactly what is happening in your situation – you’ve enforced 2FA and users have not accessed the website since you’ve configured these policies. Can you double check and confirm with these users, and maybe ask some of them to try to log in now?

    If they do, they will be prompted to configure 2FA right away.

    Please let us know if you need any additional information.

    Thread Starter msstm

    (@msstm)

    Hi, I don’t think that’s what happened.

    Some of these users are logging in every day and are very active publishing stuff.
    “It looks like I had left users see the “remove 2FA button” on their profile.
    Maybe that’s why, how can I enforce it on them again?

    Plugin Contributor robertabela

    (@robert681)

    That is strange that users can log in without 2FA, even if you left the Remove 2FA button. If users are required to configure 2FA via policies, and they remove 2FA the plugin will prompt them again to configure 2FA.

    Are they logging in to the standard WordPress dashboard or the users do not have access to the dashboard?

    Do you know if they get any notifications about 2FA as well?

    Also, can you please confirm what version of WordPress and WP 2FA plugin are you running?

    Looking forward to hearing from you.

    Thread Starter msstm

    (@msstm)

    Then I really don’t know how that happened.
    They use the standard WP dashboard.

    I use the very latest version of WP and all plugins.

    I don’t know if they get notifications but they’ve never mentioned that to me. I’ll ask.

    Plugin Contributor robertabela

    (@robert681)

    Hello @msstm

    You can do a quick test yourself;

    1. Create a user which has 2FA enforced on it
    2. Log in and configure 2FA
    3. Click “Remove 2FA”
    4. Log out and log back in

    You should be prompted to configure 2FA again. Is this working on your website?

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘“Required but not configured” but Enforcing on all users’ is closed to new replies.