when I tried to grant a user admin privilege this happened, is this a bug or I missed some settings or configuration? I need help for this.
Do you have 2factor authentication enabled for your admin account? I can’t reproduce that message without having 2fa on the admin account, but with the correct 2fa code, it gets overridden and I am able to grant admin access.
I’m not sure these are all settings for 2-factor auth, I enabled for staff before and I still have to input the code to sign-in, but I think I set it back to default earlier.
should I disable the first one?
That are the general settings where you can set who has to enable 2 factor authentication.
The settings for your account are at your preferences at {yoursite}/my/preferences/second-factor
.
I tried to disable the enforce second factor on external auth, still 403, is anything else I missed configured?
I believe you need to be autheticate with 2fa yourself or disable it in your own user preferences like what Moin described above. I don’t know how your external authentication is configured though. I can reproduce the 403 you described, but with my correct 2fa code, it allows me to perform the admin action.
I will try to find out, thanks anyway