User Management account access controls for community portal
we need to ensure the administrative/privileged accounts require 1. Private Network and 2. Strong Authentication (Basic auth + MFA) access controls in-place.
I’m not aware of a way to do that. It’ll take a plugin. There’s a geofencing plugin that could be a start. Happy to help with that or you can ask in marketplace.
Wow! I didn’t know there was an admin allow-list! I’d guess it’ll take network addresses so you can give it a whole class C or whatever.
They’d need another admin to update the setting. But I would assume that this would be used when the admin uses a vpn to the company network, so if the address changed, it would mean he was no longer allowed to be an admin.
That is kind of my point. Limiting IP can and will be a potentially hazardous setup if an admin works outside the business world
If such a security measure is needed and there is only one admin and the admin is using an IP that can and will change, then using Varnish or a similar frontend for Discourse is a safer solution (unless the shell gives a backdoor).
Did you take a look at the topics I linked in Two-factor authentication method for additional security during login - #4 by Moin ?
The video was very helpful for me.
You can also set up two-factor authentication for a test account to try without enabling the setting which forces staff to enable it. When you enable the setting, you have to set it up for your account if you haven’t done so before; you can’t do anything else on your site until you’ve done that, not even disable the setting.