User unable to setup 2FA

  • Resolved russr999

    (@russr999)


    4 years, 9 months ago

    Hi,

    I’ve enabled this plugin which is perfect and unlike a lot of others, we can apply it to all roles/users. My problem is when a user logs in to the dashboard but does not have manage_options permissions then are unable to setup 2FA on their account. When they go to their profile and try to “Configure Two-factor authentication (2FA)” they get the message:
    You do not have sufficient permissions to access this admin page.

    Reason: The user “username” doesn’t have the “manage_options” capability that is required to access the “Settings” menu item.

    Please help!! How can I have a user who is able to log in but does not have rights to “manage_options” be able to setup their 2FA? Can the setup page/wizard be moved frim under options/settings to the main menu – would that solve my permissions issue?
    Hoping to go live with my site over the weekend so hoping its an easy fix.

    Thanks,
    Rory

    • This topic was modified 4 years, 9 months ago by russr999.
    • This topic was modified 4 years, 9 months ago by russr999.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor robertabela

    (@robert681)

    Hello @russr999

    Thank you for the positive comments about our plugin.

    Users do not need to have the “manage_options” capability to setup their 2FA. That is only needed by you, the admin, to configure the 2FA plugin settings and policies.

    Users configure 2FA from their profile page as explained in configuring 2FA on WordPress.

    I hope this helps. Should you need any additional information please do not hesitate to ask.

    Thread Starter russr999

    (@russr999)

    Hi Robert, thank you for the reply and apologies as I may not have explained myself correctly.
    When a user clicks on “My Profile” it loads their own profile page (profile.php).
    On this page at the bottom is where they can configure their 2FA for their account.
    When a normal user (without manage_options) clicks Configure Two-Factor authentication which will allow them to setup their own account for 2FA, they get the error messsage.

    I’ve attached a screenshot of what the user sees and clicks and then the error message they get.

    Screenshot here

    Hope this makes sense.

    Thanks,
    Rory

    Plugin Contributor robertabela

    (@robert681)

    Thank you for your update @russr999

    However, there is certainly something else tempering with this. All the users with the default WordPress roles can configure 2FA from their profile page and front-end pages without any issues. None of the user roles, apart from the administrator has access this privilege.

    So for some reason, on your website, when a user tries to configure 2FA they are required to have this privilege. By any chance do you have a theme that is also modifying the WordPress dashboard? From the screenshot it seems like that is the case.

    If this is the case, you can do a quick test; can you switch to the default theme and try again?

    Looking forward to hearing from you.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘User unable to setup 2FA’ is closed to new replies.