Mirror of https://github.com/amidaware/tacticalrmm.git (synced 2026-04-26 15:05:57 +03:00)
[GH-ISSUE #195] New User + 2FA #2059
Originally created by @juaromu on GitHub (Nov 30, 2020).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/195
Hi:
I created a new user, while logged on as admin, logged off and back on with the new credentials.
When presented with the QR code to enable 2FA I could actually access the portal without completing the process, just by retyping the main RMM URL in the browser. The account on the top right was shown as "undefined", but with full access to the portal.
Not sure if this is an expected outcome, must confess I found out "by mistake" while logging on to test the new account for the first time.
After that, you won't be able to log on again with the "unfinished account" since the portal asks for the 2FA code and that was never initialized.
@wh1te909 commented on GitHub (Nov 30, 2020):
Hi, yes, that's normal. When a new user is created, the first time they log in, since they haven't set up 2 factor yet, a temporary token is created for them which is stored in the browser's cache; that way they can access the 2 factor page to scan the barcode with their phone. And then once it is scanned and they click "Finish", it will take them back to the login screen. But yeah, if you don't scan the barcode and click the finish button and just go straight to the portal, then the user will show as "undefined".
You can just reset their 2 factor token by right clicking on the user and choosing reset 2 factor; then the next time they log in they will be taken to the 2 factor page again to scan the barcode.
@juaromu commented on GitHub (Nov 30, 2020):
Cool, that makes sense :-)
Thanks heaps for your answer and explanation.
Regards.
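
The thread describes a temporary token, issued before 2FA setup, that the rest of the portal also accepted. One way to keep such a token confined to the enrolment pages is to give it a scope that the authorization check enforces. This is an added example, not Tactical RMM's code; the signing key, scope names and paths are hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"               # assumption: server-side signing key
SETUP_PATHS = {"/totp/setup", "/totp/verify"}  # hypothetical enrolment endpoints

def issue_token(user, scope, ttl=300, now=None):
    """Return a signed token; scope is 'totp_setup' (pre-2FA) or 'full'."""
    now = time.time() if now is None else now
    body = base64.urlsafe_b64encode(json.dumps(
        {"user": user, "scope": scope, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + sig).decode()

def verify_token(token, now=None):
    """Return the claims dict, or None if the signature or expiry is bad."""
    now = time.time() if now is None else now
    try:
        body, sig = token.encode().split(b".")
    except ValueError:
        return None
    expected = hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):
        return None
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    return claims if claims["exp"] > now else None

def authorize(token, path, now=None):
    """Allow a request only if the token's scope covers the path."""
    claims = verify_token(token, now)
    if claims is None:
        return False
    if claims["scope"] == "full":
        return True
    # A pre-enrolment token reaches the 2FA setup pages and nothing else.
    return claims["scope"] == "totp_setup" and path in SETUP_PATHS
```

A `full` token would be issued only after the first TOTP code has been verified, so retyping the portal URL with the setup token is rejected.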