Since enabling 2fa, paperless has been inaccessible to any account that is not the main admin with 2fa. Attempting to login results in a page stating 2fa is not setup for this user. There is a option to register device but it only leads to a screen stating a one-time password is sent to email. Not possible since syncloud can’t send email and no email is setup in users app.
There is no option to setup 2fa authenticator for other users.
Right, admins can see it on platform 2fa page (platform reads it from the file) but users are not allowed to get there.
Another option would be to send by email, but that would require installing mail app.
Maybe we could allow users to login to platform with limited access to their 2fa page.
Let me think about it. any preference?
Thank you for the quick reply.
I would prefer not to have to add the email app just for 2fa. When I did have email setup for awhile the email ports seem to fill the logs with malicious attempts. Far less unwanted traffic attempts without it.
Taping the profile in top right corner opens the settings, the 2fa option is there but doesn’t allow to add an authenticator, if that was accessible from that menu it would be great.
Authelia does not allow totp registration without additional validation, let me repcae it with our login to make one time registrations easier. Settings will only have enabled / disable 2fa, qr registration part will move to login screen available for every user on any app.
Published an updated login form, now it will allow first time authenticator registration for any user without this email/file verification complexity.
Also platform settings is simpler now only enable/disable 2fa (no qr as that move to next time login).
Also just realized paperless for regular user is missing some basic permissions and is giving an error, not sure I you have seen it but I am preparing a fix for that soon.
Hi @ryan , quick question about how you manage your regular (non-admin) users in Paperless.
When a new user logs in for the first time via Syncloud, Paperless creates their account with no document permissions by default (this is how upstream Paperless-ngx works). Did you then go into Paperless Settings > Users & Groups to manually assign permissions to each new user so they could view/manage documents?
Just want to confirm this workflow works for you and you’re OK with it staying this way. The alternative would be to auto-grant some default permissions to new users on first login, but that might conflict with setups where admins want to control access.
Yes, that is correct, they start with no access and you have to allow which files/settings they have access too.
That setup is fine, if anything was preset then maybe giving access to any document they create would make sense for a default but even as it is, it’s simple enough to setup.
Did 2fa login fix work for you?
Yes, I was able to setup 2fa and resume using paperless. Thank you.
Out of curiosity, what would be the procedure if an account with 2fa enabled lost access to their authenticator, how would I reset the prompt for them? Would that be through users app, or is there a command for that?
Currently there is a command to reset users 2fa on the wiki Two Factor Authentication · syncloud/platform Wiki · GitHub
I will be improving this, probably Users app will be replaced by a Users page on the main admin as it is becoming a core part of the platform and it will have a button to reset users 2fa.
