I am using DHIS2 version 2.39.3.1, and when I try to activate (turn on) two-factor authentication the QR code does not show up. When I inspected the page I found the URL below for the QR image, but it could not be opened. The same happened when I tried the demo site on version 2.38.6: DHIS 2 Demo - Sierra Leone
Note that my user is now blocked and I cannot access it, because I turned it on for my account without having the QR code to link it with Google Authenticator. I have tried to get my colleague to disable it from the Users app, but unfortunately with no luck…
Thanks for the clearly written post. I am also facing the same issue; however, if you go to the dev instance (latest version) you will find that the whole process and UI have been upgraded and changed. You can read more about these changes here: [DHIS2-14555] - Jira
I will ask if this is going to be backported or if people will need to upgrade to use this and then get back to you.
I noticed you were dealing with a 2FA issue while working on something related and wanted to share a temporary workaround until the team resolves it.
When you generate a QR code for setting up 2FA, the URL contains the secret key needed for the Time-based One-Time Password (TOTP) algorithm. That URL is the one you were able to inspect in your browser.
In this URL, the key “DA5W3YQQA7K7QMK7” is the secret used to generate one-time passwords. Typically, a user would scan the QR code with an authenticator app to set up 2FA. However, you can manually enter the secret key and your preferred account name into the Google Authenticator app instead of scanning the QR code to set up 2FA.
I hope this helps you in the meantime.
Best,
Marcos
P.S. The %3D in the URL is an encoded = sign. Be careful not to include the final “D” when copying the secret key.
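Added example, not part of the original posts or of DHIS2's code: decoding the QR-image URL programmatically avoids the `%3D` copy mistake mentioned above, and generating a code from the extracted secret confirms it works before you rely on it. The host, path and parameter names in the sample URL are constructed placeholders, and SHA-1, 30-second steps and 6 digits are assumed defaults.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlsplit, parse_qs

# Constructed sample: host, path and parameter names are placeholders; only the
# secret value is the one quoted in the thread.
SAMPLE_QR_URL = (
    "https://qr.example.invalid/img?size=200x200&data="
    "otpauth%3A%2F%2Ftotp%2Fdemo-user%3Fsecret%3DDA5W3YQQA7K7QMK7%26issuer%3DDHIS2"
)

def _b32_key(secret):
    """Decode a base32 secret, adding the padding QR URIs usually omit."""
    return base64.b32decode(secret + "=" * (-len(secret) % 8))

def extract_secret(qr_url):
    """Return the base32 TOTP secret embedded in a QR-image URL."""
    outer = parse_qs(urlsplit(qr_url).query)  # parse_qs decodes %3D to "="
    for values in outer.values():
        for value in values:
            if not value.startswith("otpauth://"):
                continue
            inner = parse_qs(urlsplit(value).query)
            secret = inner.get("secret", [""])[0].replace(" ", "").upper()
            if secret:
                _b32_key(secret)  # raises if the value is not valid base32
                return secret
    raise ValueError("no otpauth:// URI with a secret parameter found")

def totp(secret, at=None, step=30, digits=6):
    """RFC 6238 code with HMAC-SHA1, 30 s steps and 6 digits (assumed defaults)."""
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(_b32_key(secret), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

if __name__ == "__main__":
    secret = extract_secret(SAMPLE_QR_URL)
    print("secret:", secret)
    print("current code:", totp(secret))
```

Because the URL carries the secret itself, anyone who obtains it (from a screenshot, browser history or a forum post) can generate valid codes, so re-enroll 2FA with a fresh secret once access is restored.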
@marcos.campos Thank you for your post and valuable information.
I would appreciate it if there is a workaround for version 2.39.3.1, since I have a user who has turned on 2-Factor verification without knowing the code, and it looks like the user cannot log in due to not getting the code…
If there is a way to disable or turn it off, that will be great.
To disable 2FA for a specific user, an admin user with the appropriate authorities can do this. You can go to the users app, click on the user list, search for the user, and use the three-dot actions menu to disable 2FA for that user, as shown in the image.
Yes, sure, I have tried this before, but unfortunately with no luck.
See the screenshot of the inspect tool with error 400; note that “M5zQapPyTZI” represents the user UID.
Thank you for sharing the details of the issue you’re facing. I think the best course of action is to report this problem by creating an issue in the JIRA system so that the development team can investigate and address it.
Please use the following link to create a new issue: Create JIRA Issue
Provide all the relevant details and screenshots you have shared, including the error messages and the version of DHIS2 you are using.
If you need further assistance, please let us know.