By: Milind Soni user 12 Jun 2020 at 8:29 a.m. CDT

4 Responses
Hello, I'm currently using gluu-server-3.1.2 with 2FA and managing users using the SCIM API. I wanted to add 2FA only for some users and want to ignore 2FA for all other users. Is it possible to create a user with 2FA without setting 2FA as a default authentication method?

By Michael Schwartz Account Admin 12 Jun 2020 at 9:44 a.m. CDT

Check out [line 114 of the duo script](https://github.com/GluuFederation/oxAuth/blob/master/Server/integrations/duo/DuoExternalAuthenticator.py#L114), and then the [getCountAuthenticationSteps method](https://github.com/GluuFederation/oxAuth/blob/master/Server/integrations/duo/DuoExternalAuthenticator.py#L193).

If you don't want to use LDAP groups, you could use an attribute of the user. Another solution would be to upgrade to 4.1.1, use Casa, and let the user set their own policy regarding 2FA.

By Aliaksandr Samuseu staff 12 Jun 2020 at 10:50 a.m. CDT

Hi, Milind. Michael basically nailed it: you can either customize your person auth script and add some checks which will skip the Duo part based on some attribute on a user, or use Casa in 4.1.1, which has such a feature as well. I don't think we will be able to offer much support with the former approach though; script writing isn't covered by Community Support. Let me know if you have any questions after you've considered these options.
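
An added example, not part of the thread and not Gluu's script or API: a stand-alone Python model of the approach described above, where the number of login steps is decided per user from a stored attribute after the first factor succeeds. The attribute name `mfaRequired`, the session key, the sample users and all function names are assumptions.

```python
import hmac

# Stand-alone model of per-user step-up; every name here is hypothetical.
MFA_ATTRIBUTE = "mfaRequired"      # assumed custom user attribute
STEPS_KEY = "count_login_steps"    # assumed server-side session key

# Constructed sample directory (stands in for the LDAP user entries).
USERS = {
    "alice": {"password": "a-pass", "attrs": {"mfaRequired": ["true"]}},
    "bob":   {"password": "b-pass", "attrs": {"mfaRequired": ["false"]}},
    "carol": {"password": "c-pass", "attrs": {}},
    "dave":  {"password": "d-pass", "attrs": {"mfaRequired": ["yes", "false"]}},
}

def steps_for(attrs):
    """Return 1 or 2 login steps from the user's stored attributes."""
    values = attrs.get(MFA_ATTRIBUTE)
    if not values:
        return 1                   # attribute absent: user not enrolled in 2FA
    normalized = {str(v).strip().lower() for v in values}
    if normalized == {"false"}:
        return 1                   # explicitly opted out
    return 2                       # "true" or anything ambiguous: require 2FA

def authenticate_step1(session, username, password):
    """Check the first factor, then record the step count in the session."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["password"], password):
        return False
    session["user"] = username
    # Decided from the directory record, never from a request parameter.
    session[STEPS_KEY] = steps_for(user["attrs"])
    return True

def get_count_authentication_steps(session):
    """Read the decision made in step 1; fail closed if it is missing."""
    count = session.get(STEPS_KEY)
    return count if count in (1, 2) else 2

def login_complete(session, step):
    """True only when the finished step is the last one for this session."""
    return "user" in session and step >= get_count_authentication_steps(session)
```

Treating an absent attribute as "no 2FA" follows the requirement in the question; a deployment that wants 2FA by default would return 2 in that branch instead.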

By Milind Soni user 15 Jun 2020 at 1:43 a.m. CDT

Thank you @Michael.Schwartz and @Aliaksandr.Samuseu. Got my answer.

By Aliaksandr Samuseu staff 15 Jun 2020 at 11:12 a.m. CDT

You're welcome. Closing the ticket.