Add Second Factor Authentication to Moqui

I recently submitted a pull request to add Second Factor Authentication to Moqui. The pull request makes changes to moqui-framework, moqui-runtime, and SimpleScreens. You can see the pull request in the previous links.

This is a fairly big change to how Moqui users login and would be helpful for all system admins to know that this will soon be a feature for security.

The main changes for users is a SecondFactor screen for verifying a SecondFactor. There is a condition where if an admin changes a UserGroup that a given user is in to require an Authentication factor. If this happens the user can’t login until an administrator creates an Authentication factor for the user. I would suggest adding an email factor for the user’s current email. This can be done in the UserAccountDetail screen in the System application.

The user can, in the MyAccount application, configure authentication factors by adding or deleting:

  • Email Authentication Factors
  • Backup Single Use Codes
  • Authenticator App codes

An admin has full control of what authentication factors a specified user has in the UserAccountDetail screen.

If you have any questions, it’d be great if you asked me on this thread of the forum.

1 Like

For user authentication, I’m interested in the ability to store all user accounts somewhere on the side, for example, if it is possible in a combination of Kafka and Synapse, since I want to connect Moqui with other systems.
And not just store your login / password, but also access rights.

Where to start and where to look?

1 Like

JWT integration with Keycloak would be cool.

1 Like