I recently submitted a pull request to add Second Factor Authentication to Moqui. The pull request makes changes to moqui-framework, moqui-runtime, and SimpleScreens. You can see the pull request in the previous links.
This is a fairly big change to how Moqui users login and would be helpful for all system admins to know that this will soon be a feature for security.
The main changes for users is a SecondFactor screen for verifying a SecondFactor. There is a condition where if an admin changes a UserGroup that a given user is in to require an Authentication factor. If this happens the user can’t login until an administrator creates an Authentication factor for the user. I would suggest adding an email factor for the user’s current email. This can be done in the UserAccountDetail screen in the System application.
The user can, in the MyAccount application, configure authentication factors by adding or deleting:
- Email Authentication Factors
- Backup Single Use Codes
- Authenticator App codes
An admin has full control of what authentication factors a specified user has in the UserAccountDetail screen.
If you have any questions, it’d be great if you asked me on this thread of the forum.