• Resolved neilftm

    (@neilftm)


    Hi,

    Previously I have used the option to enforce 2fa on particular roles, and then exclude certain users from this policy.

    The settings page also indicates that this is possible:
    “You can configure the grace period and also exclude user(s) or role(s) in this settings page.”

    Now the exclude part seems to be missing. I’ve seen this on multiple sites. The only time the word ‘exclude’ is written on the page is in the text above. Is this broken?

    Also I noticed that if you turn off enforcing 2FA, the users page still incorrectly shows users’ 2FA status as ‘Required but not configured.’

    Neil.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor robertabela

    (@robert681)

    Hello @neilftm

    Thank you for your message and for using our plugin.

    The Exclude user / role setting is still available, but it is only available when you enforce 2FA on all users. Therefore the setting will show up when you select “all users”.

    We have changed the logic because you do not need the exclude options when you are specifically enforcing 2FA for individual users, or per role. It is only needed when you enforce 2FA on all users.

    In regards to the 2FA user statuses, we are aware that there are some problems at the moment. We are looking into them and they will be fixed in the upcoming version update of the plugin.

    I hope the above answers your question. Should you have any other questions, please do not hesitate to ask.

    Have a great day.

    Thread Starter neilftm

    (@neilftm)

    Hi Robert,

    Thanks for your reply. The change does break our use-case – we need 2fa for all admins except our one ‘emergency access’ user, which has a strong password and is not used day-to-day; rather, it is reserved for hosting admins to access a customer’s site if needed. 2fa is not suitable for this account since it needs to be shared.

    Neil

    Plugin Contributor robertabela

    (@robert681)

    Thank you for your response @neilftm

    That is indeed a valid case. We need to learn more and better understand such use cases to see how to improve the plugin. To help us with this, I have a question for you: why not install a “user role editor” plugin and create a specific role for that user, like “super-admin”?

    Also, to give you a bit of context on why we removed this: the plugin supports multisite networks, users with multiple roles, users who have multiple different roles on different websites on a network, etc. Therefore we opted to remove that option, because supporting all this and giving users the option to exclude a specific user from a specific role was getting way too complicated. It would have opened a can of worms with a lot of edge cases.

    Therefore from the practicality, performance and maintenance point of view, it is way easier to have a custom role for that user. Is it something you’d consider?

    Looking forward to hearing from you.

The topic ‘Exclude user/role setting is missing’ is closed to new replies.