[GH-ISSUE #1395] Add 3FA support for MeshCentral #2819

Open
opened 2026-03-14 05:36:53 +03:00 by kerem · 0 comments

Originally created by @joeldeteves on GitHub (Jan 4, 2023).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/1395

Is your feature request related to a problem? Please describe.
MeshCentral has a built-in 3FA feature that allows you to mask the web login behind a secure URL token in the query string, e.g. https://mesh.mymeshcentral.com/login?my-super-secret-url-token

If the token is not entered correctly, then the MeshCentral login page returns a 404.

I would like to see this feature enabled on TacticalRMM to enhance the security of the MeshCentral instance.

Describe the solution you'd like
In TacticalRMM, there should be an option to specify the token in Settings in the same section where you can specify your MeshCentral URL. Likewise, this option should be added as an environment variable in the Docker images.

Describe alternatives you've considered
I tried changing my MeshCentral URL in settings to include the token; however, due to the way TRMM processes its own requests, it ends up appending multiple question marks in the query, causing the query to fail. Therefore, TRMM would need to be refactored slightly to append the added query in a separate field using &.

Additional context
IMO this is a "low hanging fruit" with a large payoff in terms of security. The MeshCentral console would be much more secure if it used a token to access the login page - in addition, this should not affect the TacticalRMM integration since the token gets added to the URL.

Ylian gives a great demo of the feature here: https://www.youtube.com/watch?v=-WKY8Wy0Huk

Here is the Settings Page where I think the option should be added:

image

Likewise, in Docker the environment variable can be something like this: MESH_3FA_TOKEN
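
The double question mark described under "alternatives you've considered", shown next to a query-preserving join, as an added example that is not part of the original issue and is not TacticalRMM or MeshCentral code. The host name, token value and parameter names are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit


def naive_append(base_url: str, params: dict) -> str:
    """Failure mode: always prefix the new parameters with '?'."""
    return base_url + "?" + urlencode(params)


def append_query(base_url: str, params: dict) -> str:
    """Add params to base_url while keeping any existing query string,
    such as a bare login token, byte-for-byte at the front."""
    parts = urlsplit(base_url)
    extra = urlencode(params)
    # Join with '&' only when both sides are non-empty; urlunsplit adds
    # the single '?' itself, so a second one can never appear.
    query = "&".join(q for q in (parts.query, extra) if q)
    return urlunsplit(
        (parts.scheme, parts.netloc, parts.path, query, parts.fragment)
    )


def redact_query(url: str) -> str:
    """Form of the URL suitable for log lines: a token carried in the
    query string would otherwise be written wherever URLs are logged."""
    parts = urlsplit(url)
    query = "REDACTED" if parts.query else ""
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


# Constructed sample values (not from a real deployment).
BASE = "https://mesh.example.com/login?my-super-secret-url-token"
PARAMS = {"view": "terminal", "node": "abc 123"}

if __name__ == "__main__":
    print("naive :", naive_append(BASE, PARAMS))
    print("joined:", append_query(BASE, PARAMS))
    print("logged:", redact_query(append_query(BASE, PARAMS)))
```

The token is kept as a bare key rather than re-encoded, because re-encoding through a parser would turn it into `token=` form, which changes the string the login page is compared against.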
