[GH-ISSUE #618] Feature: use login token for meshcentral integration #396

Open
opened 2026-03-02 02:16:02 +03:00 by kerem · 5 comments

Originally created by @bbrendon on GitHub (Jul 4, 2021).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/618

I would like to require mesh to have 2fa enabled ("force2factor": true) but not break the integration with tactical.

Mesh has the ability to force 2fa but enabling it breaks the integration with tactical. From my understanding, in order to resolve this tactical can use login tokens for the mesh API.
https://github.com/Ylianst/MeshCentral/issues/2859#issuecomment-873631301


@wh1te909 commented on GitHub (Jul 21, 2021):

tactical is already using login tokens that's how we integrate with mesh

i just tried adding `"force2factor": true` to my config.json, restarted mesh and confirmed didn't break anything. iframe integration still works. but when trying to login now with just username/pass from the mesh login screen, am prompted for 2 factor. not sure why it's breaking for you, can you post your config.json?


@bbrendon commented on GitHub (Jul 21, 2021):

Sorry, I should have been more specific...

There is an auth-popup which breaks the seamlessness of the integration.

Also, even though I'm logged into the mesh interface using 2fa in one browser tab, when I go to Tactical and it opens a mesh iframe, I get this...

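![image](https://user-images.githubusercontent.com/6364477/126533192-f360ec1a-b9e7-490b-af99-abe3d6570bd9.png)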

So maybe the admin account needs 2fa? And the 2fa sign-up QR Code needs to be saved and sent to all the users? But then that goes back to sharing accounts which kind of defeats the purpose.

All of this seems backwards. It seems like each user should input their mesh API token into Tactical that creates the integration.

```
{
  "settings": {
    "Cert": " . .com",
    "MongoDb": "mongodb://127.0.0.1:27017",
    "MongoDbName": "meshcentral",
    "WANonly": true,
    "Minify": 1,
    "Port": 4430,
    "AliasPort": 443,
    "RedirPort": 800,
    "AllowLoginToken": true,
    "AllowFraming": true,
    "_AgentPing": 60,
    "AgentPong": 200,
    "AllowHighQualityDesktop": true,
    "TlsOffload": "127.0.0.1",
    "agentCoreDump": false,
    "Compression": true,
    "WsCompression": true,
    "AgentWsCompression": true,
    "MaxInvalidLogin": { "time": 5, "count": 5, "coolofftime": 30 }
  },
  "domains": {
    "": {
      "Title": "  RMM",
      "Title2": "  RMM",
      "NewAccounts": false,
      "CertUrl": "https:// .com:443/",
      "GeoLocation": true,
      "CookieIpCheck": false,
      "mstsc": true,
      "PasswordRequirements": { "force2factor": true }
    }
  }
}
```
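A check an administrator could run against a MeshCentral config.json like the one posted above, as an added example that is not part of the original thread or of either project's code: it reports which domains do not enforce `force2factor` and whether the `AllowLoginToken` and `AllowFraming` settings from that config are enabled. It assumes MeshCentral treats key names case-insensitively and ignores keys prefixed with `_`; the sample config and its domain names are constructed.

```python
import json

# Constructed sample modelled on the config posted above; domain names are made up.
SAMPLE_CONFIG = """
{
  "settings": {"AllowLoginToken": true, "AllowFraming": true, "_AgentPing": 60},
  "domains": {
    "": {"Title": "RMM", "PasswordRequirements": {"force2factor": true}},
    "customer1": {"Title": "A", "_PasswordRequirements": {"force2factor": true}},
    "customer2": {"Title": "B", "passwordrequirements": {"Force2Factor": false}}
  }
}
"""


def normalize(node):
    """Lower-case keys and drop '_'-prefixed keys, recursively.

    Assumption: keys are case-insensitive and a leading '_' disables a setting,
    so a block such as "_PasswordRequirements" has no effect.
    """
    if isinstance(node, dict):
        return {k.lower(): normalize(v) for k, v in node.items()
                if not k.startswith("_")}
    if isinstance(node, list):
        return [normalize(v) for v in node]
    return node


def audit(config_text):
    """Return the token/framing settings and the domains lacking forced 2FA."""
    cfg = normalize(json.loads(config_text))
    settings = cfg.get("settings", {})
    report = {
        "login_tokens_allowed": settings.get("allowlogintoken") is True,
        "framing_allowed": settings.get("allowframing") is True,
        "domains_without_forced_2fa": [],
    }
    for name, domain in cfg.get("domains", {}).items():
        reqs = domain.get("passwordrequirements") if isinstance(domain, dict) else None
        forced = isinstance(reqs, dict) and reqs.get("force2factor") is True
        if not forced:
            report["domains_without_forced_2fa"].append(name or "(default)")
    return report


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_CONFIG), indent=2))
```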

@bbrendon commented on GitHub (Sep 23, 2021):

I just noticed this issue which might be related. https://github.com/wh1te909/tacticalrmm/issues/182


@dinger1986 commented on GitHub (Oct 11, 2021):

A decent workaround for now is:

  1. Create a user on mesh
  2. Take them through logging into mesh
  3. Get them to set up MFA
  4. As an admin go into user settings, click on User (far right on username).
  5. Tick Box Lock Account Settings

They now can’t disable MFA


@fts-tmassey commented on GitHub (Apr 11, 2022):

Sorry: this isn't the right issue for this, though it is relevant. Moved comment to https://github.com/amidaware/tacticalrmm/issues/182#issuecomment-1095422533

tl;dr: Adding PR #981 allows admin to manage remote control permissions for the techs individually; adding ability to add mesh_device_group to site in addition to globally allows TRMM to automatically put the device in the right Mesh group, which gives you 100% permission control with zero ongoing manual effort.

Sorry for the extra noise. Too many open tabs! :)
