Disable 2FA via console

:bookmark: This guide provides instructions for administrators on how to disable two-factor authentication (2FA) via the console.

:person_raising_hand: Required user level: System Admin

:wrench: Console access required

:warning: This guide should only be used when 2FA cannot be disabled from the user admin page.


Discourse supports two types of 2-factor options: TOTP (6-digit codes rotating every 30 seconds) and security keys (YubiKey, biometric, etc.). Sometimes users misconfigure their 2-factor device, lose or reset their phone, or otherwise can no longer use or obtain their second factor. Admins can then assist by resetting it for them.

:warning: Admins should be certain to verify that the user is the one making the request. Disabling 2-factor makes an account easier to hack, so be sure a bad party isn’t requesting the reset.

Disabling 2FA for a user

  1. First, identify which user is having the issue and get their username.

  2. Access the Rails app on your server via SSH.


    From your local machine:

    ssh root@=SERVER_IP=
    

    Go to the app directory:

    cd /var/www/discourse
    sudo ./launcher enter app
    
  3. Use the provided rake task to disable all 2FA methods for the user:

    bundle exec rake users:disable_2fa[=USERNAME=]
    

Last edited by @martin 2024-10-18T01:32:27Z
