3.0.8

Disable Google MFA for specific user (#3595)

Author: nilsteampassnet

docs/_media/tp3_auth_mfa_1.png

@@ -57,4 +57,32 @@ Depending of the AD type and your users annuary configuration, the next keys nee
 * __Local and LDAP users__ - If LDAP authentication is enabled, only users synchronized with AD remote server will be allowed to log in Teampass. Locally managed users will by default be rejected. With this option enabled, both kind of users can be allowed to log in Teampass.
 * __AD user roles mapped with their AD groups (1)__ - When enabled, Administrator will be able to map existing AD Groups with local Teampass roles. By doing so, any AD user belonging with one of this AD group will automatically be promoted to the mapped Teampass role.
 * __Hide forgot password link on Home page__ - If LDAP authentication is enabled, you should disable forgot password feature but it can be enabled for locally managed users.
-* __AD user to get created automatically__ - Valid AD user will have an account automatically created in Teampass and his AD groups mapped with corresponding Teampass roles.
+* __AD user to get created automatically__ - Valid AD user will have an account automatically created in Teampass and his AD groups mapped with corresponding Teampass roles.
+
+
+## Multi Factor Authentication (MFA)
+
+> User authentication can be completed with an MFA protocol. Currently, `Google Authentication` and `DUO Security` can be enabled for users.
+
+### Setting up
+
+As an Administrator, select the `Settings \ MFA` option in the left menu.
+
+![Settings tasks options](../_media/tp3_auth_mfa_1.png)
+
+### Generalities
+
+🔔 Once an MFA protocol is enabled, the MFA code is mandatory for each user to get authenticated in Teampass. 2 exceptions are possible.
+
+👉 Administrator users can have this rule disabled globally using dedicated option.
+
+![Settings tasks options](../_media/tp3_auth_mfa_2.png)
+
+👉 By default, each user has to authenticated with an MFA code. But this can be disabled through the user form inside page `Users` using the input `MFA enabled`.
+
+![Settings tasks options](../_media/tp3_auth_mfa_4.png)
+
+If disabled for a user, a red fingerprint symbol is shown in the users list.
+
+![Settings tasks options](../_media/tp3_auth_mfa_3.png)
+

docs/_media/tp3_auth_mfa_2.png

@@ -15,8 +15,8 @@
  *
  * @see      http://www.teampass.net
  */
-define('TP_VERSION', '3.0.7');
-define("UPGRADE_MIN_DATE", "1681998259");
+define('TP_VERSION', '3.0.8');
+define("UPGRADE_MIN_DATE", "1684663811");
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);

docs/_media/tp3_auth_mfa_3.png

@@ -1075,5 +1075,7 @@
     'email_body_user_config_5' => 'Hello #lastname#,<br><br>This is a generated email from Teampass passwords manager.<br><br>Keys encryption is now finished. Following code is expected next time using Teampass:<br><br><b>#code#</b><br><br><br>Cheers',
     'email_body_user_config_6' => 'Hello #lastname#,<br><br>This is a generated email from Teampass passwords manager.<br><br>Following credentials are expected next time using Teampass:<ul><li>login: #login#</li><li>Password: #password#</li></ul><br><br><br>Cheers',
     'error_data_not_valid' => 'Data is not valid',
+    'mfa_enabled' => 'MFA enabled',
+    'mfa_disabled_for_user' => 'MFA disabled for user',
 
 );

docs/_media/tp3_auth_mfa_4.png

@@ -1075,5 +1075,7 @@
     'email_body_user_config_5' => 'Hello #lastname#,<br><br>This is a generated email from Teampass passwords manager.<br><br>Keys encryption is now finished. Following code is expected next time using Teampass:<br><br><b>#code#</b><br><br><br>Cheers',
     'email_body_user_config_6' => 'Hello #lastname#,<br><br>This is a generated email from Teampass passwords manager.<br><br>Following credentials are expected next time using Teampass:<ul><li>login: #login#</li><li>Password: #password#</li></ul><br><br><br>Cheers',
     'error_data_not_valid' => 'Data is not valid',
+    'mfa_enabled' => 'MFA enabled',
+    'mfa_disabled_for_user' => 'MFA disabled for user',
 
 );

docs/features/authentication.md

@@ -1075,5 +1075,7 @@
     'email_body_user_config_5' => 'Hello #lastname#,<br><br>This is a generated email from Teampass passwords manager.<br><br>Keys encryption is now finished. Following code is expected next time using Teampass:<br><br><b>#code#</b><br><br><br>Cheers',
     'email_body_user_config_6' => 'Hello #lastname#,<br><br>This is a generated email from Teampass passwords manager.<br><br>Following credentials are expected next time using Teampass:<ul><li>login: #login#</li><li>Password: #password#</li></ul><br><br><br>Cheers',
     'error_data_not_valid' => 'Data is not valid',
+    'mfa_enabled' => 'MFA enabled',
+    'mfa_disabled_for_user' => 'MFA disabled for user',
 
 );

includes/config/include.php

@@ -1075,5 +1075,7 @@
     'email_body_user_config_5' => 'Hello #lastname#,<br><br>This is a generated email from Teampass passwords manager.<br><br>Keys encryption is now finished. Following code is expected next time using Teampass:<br><br><b>#code#</b><br><br><br>Cheers',
     'email_body_user_config_6' => 'Hello #lastname#,<br><br>This is a generated email from Teampass passwords manager.<br><br>Following credentials are expected next time using Teampass:<ul><li>login: #login#</li><li>Password: #password#</li></ul><br><br><br>Cheers',
     'error_data_not_valid' => 'Data is not valid',
+    'mfa_enabled' => 'MFA enabled',
+    'mfa_disabled_for_user' => 'MFA disabled for user',
 
 );