Forced Two-Factor Authentication (2FA)

This module enforces two-factor authentication (2FA) for all users in Odoo. Users cannot log in without setting up TOTP authentication, and must enter a verification code on every login.

Key features include:

• Mandatory 2FA: All users (except admin) must configure TOTP to access the system
• TOTP Setup: Automatic redirect to QR code setup page for users without 2FA configured
• Universal Compatibility: Works with Google Authenticator, Microsoft Authenticator, Authy, and any TOTP-compatible app
• No Trusted Devices: Users must enter verification code on every login for maximum security

How It Works

First Login (TOTP Setup)

1. User enters login and password
2. System redirects to TOTP setup page with QR code
3. User scans QR code with authenticator app
4. User enters 6-digit verification code
5. TOTP is activated and user is logged in

Subsequent Logins

1. User enters login and password
2. System prompts for TOTP verification code
3. User enters 6-digit code from authenticator app
4. User is logged in

Security Features

• TOTP Standard (RFC 6238):
  • Algorithm: SHA1
  • Code length: 6 digits
  • Time step: 30 seconds
  • Secret size: 160 bits
• Forced Authentication:
  • No bypass option for regular users
  • Admin (base.user_root) can be excluded
  • No "remember device" feature

Bug Tracker

Bugs are tracked on https://kitworks.systems/requests. In case of trouble, please check there if your issue has already been reported.

Maintainer

KitWorks Systems. Our web site: https://kitworks.systems

We can provide you further Odoo Support, Odoo implementation, Odoo customization, Odoo 3rd Party development and integration software, consulting services. Our main goal is to provide the best quality product for you.

For any questions contact us.