catalyst / moodle-tool_mfa

A Multi-Factor Authentication Moodle plugin with flexible support for TOTP, Email, IP and more
https://moodle.org/plugins/tool_mfa

Possible to remove "I don't have my device" option for Authenticator App TOTP #423

Open MorhionGendehar opened 1 year ago

MorhionGendehar commented 1 year ago

We are having an issue where users can bypass the TOTP restriction when clicking "I don't have my device". It simply logs them in without MFA. Is there any way to remove that option?

danmarsden commented 1 year ago

You probably have the factors set up incorrectly. Can you please add a screenshot that shows how your factors are set up?

MorhionGendehar commented 1 year ago

image

We want to use the MFA so that only administrators or anyone with 'site administration' has to use the TOTP to access. If I do anything less than this it makes every user authenticate. What did I do wrong?

Thanks for the help!

danmarsden commented 1 year ago

That does look wrong. Unfortunately, documentation is still a little weak for this plugin, but Moodle HQ's "testing instructions" for pulling this plugin into core have a few scenarios that you might want to try out. Take a look at the different testing scenarios on https://tracker.moodle.org/browse/MDL-78509 and you will probably spot something there that meets your needs.