Restricting 2FA to specific groups?

I have a group where I wish to require 2FA for members of that group, but not require it for non-group-members. Is this possible?

Hey Ghufran,

An option to enforce 2FA only for the staff group (admins + mods) was added last year on Requiring 2FA for staff. This can be controlled through the enforce second factor site setting:

image

Does this fit your use case?

1 Like

I saw that, but I have a third group that are not ‘regular’ members but are not ‘staff’ either. They are more at risk than other members, so this is the group I would like to be able to enforce 2FA without requiring regular members to do the same. Ideally I could enforce 2FA for this group and for staff at the same time.

If the “enforce 2nd factor” maps to a single variable in the db, I guess I could just use the rails console or rails db to change it?

I doubt it, but you could look at the source to see. My guess is that you’d need a plugin.