Discourse ID and 2FA

@JammyDodger, I’ve recently registered an account at for a free instance:

There, I appear to experience this:

Most documentation appears to indicate that this should be enabled by default:

However, I’ve no option to even enable it, and it’s not enabled by default:

Moved your post here, because this is a different issue than the Contribute > Bug you posted in originally.

Discourse ID is not using OAuth2. It’s functioning, in effect, as an SSO provider, which is different.

To configure 2FA, you’d need to do so at the SSO provider, ID. Specifically https://id.discourse.com/my/preferences/security.

@jomaxro, thanks. Perhaps, what confused me was that I attempted to set enforce_second_factor to “all”, yet wasn’t able to, because I was informed that “You cannot enforce 2FA if local logins are disabled.” If this isn’t too off-topic, what’s the solution to that?

That’s a good question … and one I don’t have the answer to. I’ve looped in the team to find someone who does!

So I’ve been corrected by the team. Discourse ID does use OAuth2 under the hood - my apologies. I thought it was using a different protocol.


To your question, we do not support 2FA with external logins. As the message you saw stated, 2FA cannot be enforced without local logins being enabled. We rely on the external login provider (Discourse ID in this case, but this applies to all external providers) to manage 2FA, including enforcement.

@jomaxro, does that mean that, with the free trial plan, I cannot modify that preference? Alternatively, can I somehow disconnect Discourse ID?

Want to confirm, are you referring to a free trial, or the free plan?

@jomaxro, apologies. Free plan, I believe: