search cancel

How to confirm users have enabled 2FA via the webui

book

Article ID: 253157

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

Users can individually enable 2FA via the webui, however as an admin, there needs to be a way to confirm which users have actually enabled 2FA via the webui.  This is not available in the current release, 8.2.6.

Environment

Release : 8.2.5

Cause

The google authenticator can be enabled but there needs to be a method to know which users have enabled two factor authentication, also known as 2FA.

Resolution

The admin can login as root to the CLI and run the following to learn which users do or do not have 2FA enabled.  If the "has_2fa" column is set to 1, then the user has enabled 2FA.

The command to run:

echo "SELECT (SELECT COUNT(*) AS count FROM user_settings AS us WHERE u.id = us.user_id AND us.name = 'totp') AS has_2fa, u.username, u.name FROM users AS u WHERE u.username NOT LIKE 'cmc\_proxy%' ORDER BY u.username;" | su - postgres -c "psql -d dsweb"

For example,

 has_2fa |    username      |               name                
------------+---------------------+-----------------------------------
            1 | admin               | control_center_admin.default_name
            0 | admin1             | admin1
            0 | security_admin | Security Administrator
            0 | user1              | user1
            0 | user11              | user11

Additional Information

A feature request has been made to add this list to the web GUI.