Hi there,
following situation:
Created new organization, enabled 2FA policy, invited new user.
User gets invitation via email, creates new account, but is not able to confirm the invitation to the organization, as he hasn’t got the possibility to activate 2FA-authentication.
So he has to activate 2FA-authentication and follow the invitation link once again to accept it.
The wiki at Home · dani-garcia/vaultwarden Wiki · GitHub refers to bitwarden’s help Enterprise Policies | Bitwarden Help Center where they say:
“New users will be automatically setup with email-based two-step login, but can change this at any time”
But this doesn’t happen.
Have I missed any configuration or is it more a feature request?
Here’s my config
### Your environment (Generated via diagnostics page)
* Vaultwarden version: v1.30.1
* Web-vault version: v2023.10.0
* OS/Arch: linux/x86_64
* Running within Docker: true (Base: Debian)
* Environment settings overridden: true
* Uses a reverse proxy: true
* IP Header check: false (X-Forwarded-For)
* Internet access: true
* Internet access via a proxy: false
* DNS Check: true
* Browser/Server Time Check: true
* Server/NTP Time Check: true
* Domain Configuration Check: true
* HTTPS Check: true
* Database type: MySQL
* Database version: 10.11.6-MariaDB-1:10.11.6+maria~ubu2204
* Clients used:
* Reverse proxy and version:
* Other relevant information:
### Config (Generated via diagnostics page)
<details><summary>Show Running Config</summary>
**Environment settings which are overridden:** DOMAIN, SENDS_ALLOWED, SIGNUPS_ALLOWED, SIGNUPS_VERIFY, SIGNUPS_VERIFY_RESEND_TIME, SIGNUPS_VERIFY_RESEND_LIMIT, SIGNUPS_DOMAINS_WHITELIST, EMERGENCY_ACCESS_ALLOWED, ADMIN_TOKEN
```json
{
"_duo_akey": null,
"_enable_duo": true,
"_enable_email_2fa": true,
"_enable_smtp": true,
"_enable_yubico": true,
"_icon_service_csp": "",
"_icon_service_url": "",
"_ip_header_enabled": true,
"_smtp_img_src": "cid:",
"admin_ratelimit_max_burst": 10,
"admin_ratelimit_seconds": 60,
"admin_session_lifetime": 20,
"admin_token": "***",
"allowed_iframe_ancestors": "",
"attachments_folder": "data/attachments",
"auth_request_purge_schedule": "30 * * * * *",
"authenticator_disable_time_drift": false,
"data_folder": "data",
"database_conn_init": "",
"database_max_conns": 10,
"database_timeout": 30,
"database_url": "*****://***********************************************************",
"db_connection_retries": 15,
"disable_2fa_remember": false,
"disable_admin_token": false,
"disable_icon_download": false,
"domain": "*****://********************",
"domain_origin": "*****://********************",
"domain_path": "",
"domain_set": true,
"duo_host": null,
"duo_ikey": null,
"duo_skey": null,
"email_attempts_limit": 3,
"email_change_allowed": true,
"email_expiration_time": 600,
"email_token_size": 6,
"emergency_access_allowed": true,
"emergency_notification_reminder_schedule": "0 3 * * * *",
"emergency_request_timeout_schedule": "0 7 * * * *",
"enable_db_wal": true,
"event_cleanup_schedule": "0 10 0 * * *",
"events_days_retain": null,
"extended_logging": true,
"helo_name": null,
"hibp_api_key": null,
"icon_blacklist_non_global_ips": true,
"icon_blacklist_regex": null,
"icon_cache_folder": "data/icon_cache",
"icon_cache_negttl": 259200,
"icon_cache_ttl": 2592000,
"icon_download_timeout": 10,
"icon_redirect_code": 302,
"icon_service": "internal",
"incomplete_2fa_schedule": "30 * * * * *",
"incomplete_2fa_time_limit": 3,
"invitation_expiration_hours": 120,
"invitation_org_name": "Vaultwarden Edatasystems",
"invitations_allowed": true,
"ip_header": "X-Real-IP",
"job_poll_interval_ms": 30000,
"log_file": "/data/vaultwarden.log",
"log_level": "Info",
"log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
"login_ratelimit_max_burst": 10,
"login_ratelimit_seconds": 60,
"org_attachment_limit": null,
"org_creation_users": "",
"org_events_enabled": false,
"org_groups_enabled": true,
"password_hints_allowed": true,
"password_iterations": 600000,
"push_enabled": false,
"push_installation_id": "***",
"push_installation_key": "***",
"push_relay_uri": "https://push.bitwarden.com",
"reload_templates": false,
"require_device_email": false,
"rsa_key_filename": "data/rsa_key",
"send_purge_schedule": "0 5 * * * *",
"sendmail_command": null,
"sends_allowed": true,
"sends_folder": "data/sends",
"show_password_hint": false,
"signups_allowed": false,
"signups_domains_whitelist": "***************,******************,**************,*********",
"signups_verify": true,
"signups_verify_resend_limit": 5,
"signups_verify_resend_time": 3600,
"smtp_accept_invalid_certs": false,
"smtp_accept_invalid_hostnames": false,
"smtp_auth_mechanism": "Login",
"smtp_debug": false,
"smtp_embed_images": true,
"smtp_explicit_tls": null,
"smtp_from": "********************",
"smtp_from_name": "PasswortDB edatasystems",
"smtp_host": "********************",
"smtp_password": "***",
"smtp_port": 587,
"smtp_security": "starttls",
"smtp_ssl": null,
"smtp_timeout": 15,
"smtp_username": "************",
"templates_folder": "data/templates",
"tmp_folder": "data/tmp",
"trash_auto_delete_days": null,
"trash_purge_schedule": "0 5 0 * * *",
"use_sendmail": false,
"use_syslog": false,
"user_attachment_limit": null,
"web_vault_enabled": true,
"web_vault_folder": "web-vault/",
"websocket_address": "0.0.0.0",
"websocket_enabled": false,
"websocket_port": 3012,
"yubico_client_id": null,
"yubico_secret_key": null,
"yubico_server": null
}
Thanks in advance