Umbraco 13 - 2FA Question

darrenhunterEmerald · August 1, 2025, 10:16am

I am trying to find a way using this tutorial / information in the Umbraco Docs: Two-factor Authentication | Umbraco CMS

To allow back office users to use 2FA,

1: I want to force all users (None AD Users) on 1st sign in to use 2FA
2: I want to stop any users that are None AD users from Switching off 2FA.

Regards
Darren

rickbutterfield · August 1, 2025, 10:37am

You can definitely enforce 2FA on sign in, this Gist from @Rockerby did the trick for me! I’m not sure about disabling the ability to turn it off once it’s turned on though.

gist.github.com

https://gist.github.com/Rockerby/3dce3a47c8657a7fa4a7fbcb7bd73190

EnforceTwoFactorAuthentication.js

(() => {
    
    angular.module("umbraco").run(["authResource", "twoFactorLoginResource", "editorService", "notificationsService", "eventsService", "overlayService",  async (authResource, twoFactorLoginResource, editorService, notificationsService, eventsService, overlayService) => {
        const state = {};
        
        const init = async (firstInit) => {
            "app.ready"
            state.currentUser = await authResource.getCurrentUser();
            state.twoFactorAuthProviders = await twoFactorLoginResource.get2FAProvidersForUser(state.currentUser.id);

This file has been truncated. show original

package.manifest

{
    "javascript": [
        "~/App_Plugins/path/to/EnforceTwoFactorAuthentication.js"
    ]
}

darrenhunterEmerald · August 1, 2025, 10:56am

Hi,

Thanks this works, the only issue I am finding is that any users we have setup with AD is causing issues. Is there any way to check to see if the user is logged in by AD to stop 2FA check.