Skip to Content
Odoo Menu
  • Sign in
  • Try it free
  • Apps
    Finance
    • Accounting
    • Invoicing
    • Expenses
    • Spreadsheet (BI)
    • Documents
    • Sign
    Sales
    • CRM
    • Sales
    • POS Shop
    • POS Restaurant
    • Subscriptions
    • Rental
    Websites
    • Website Builder
    • eCommerce
    • Blog
    • Forum
    • Live Chat
    • eLearning
    Supply Chain
    • Inventory
    • Manufacturing
    • PLM
    • Purchase
    • Maintenance
    • Quality
    Human Resources
    • Employees
    • Recruitment
    • Time Off
    • Appraisals
    • Referrals
    • Fleet
    Marketing
    • Social Marketing
    • Email Marketing
    • SMS Marketing
    • Events
    • Marketing Automation
    • Surveys
    Services
    • Project
    • Timesheets
    • Field Service
    • Helpdesk
    • Planning
    • Appointments
    Productivity
    • Discuss
    • Approvals
    • IoT
    • VoIP
    • Knowledge
    • WhatsApp
    Third party apps Odoo Studio Odoo Cloud Platform
  • Industries
    Retail
    • Book Store
    • Clothing Store
    • Furniture Store
    • Grocery Store
    • Hardware Store
    • Toy Store
    Food & Hospitality
    • Bar and Pub
    • Restaurant
    • Fast Food
    • Guest House
    • Beverage Distributor
    • Hotel
    Real Estate
    • Real Estate Agency
    • Architecture Firm
    • Construction
    • Property Management
    • Gardening
    • Property Owner Association
    Consulting
    • Accounting Firm
    • Odoo Partner
    • Marketing Agency
    • Law firm
    • Talent Acquisition
    • Audit & Certification
    Manufacturing
    • Textile
    • Metal
    • Furnitures
    • Food
    • Brewery
    • Corporate Gifts
    Health & Fitness
    • Sports Club
    • Eyewear Store
    • Fitness Center
    • Wellness Practitioners
    • Pharmacy
    • Hair Salon
    Trades
    • Handyman
    • IT Hardware & Support
    • Solar Energy Systems
    • Shoe Maker
    • Cleaning Services
    • HVAC Services
    Others
    • Nonprofit Organization
    • Environmental Agency
    • Billboard Rental
    • Photography
    • Bike Leasing
    • Software Reseller
    Browse all Industries
  • Community
    Learn
    • Tutorials
    • Documentation
    • Certifications
    • Training
    • Blog
    • Podcast
    Empower Education
    • Education Program
    • Scale Up! Business Game
    • Visit Odoo
    Get the Software
    • Download
    • Compare Editions
    • Releases
    Collaborate
    • Github
    • Forum
    • Events
    • Translations
    • Become a Partner
    • Services for Partners
    • Register your Accounting Firm
    Get Services
    • Find a Partner
    • Find an Accountant
      • Get a Tailored Demo
    • Implementation Services
    • Customer References
    • Support
    • Upgrades
    Github Youtube Twitter Linkedin Instagram Facebook Spotify
    +32 2 290 34 90
    • Get a Tailored Demo
  • Pricing
  • Help
  1. APPS
  2. Extra Tools
  3. 2FA Security Policies v 19.0
  4. Sales Conditions FAQ

2FA Security Policies

by EDSI SAS https://ed-si.fr
Odoo

$ 22.80

v 19.0 Third Party
Apps purchases are linked to your Odoo account, please sign in or sign up first.
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Lines of code 1154
Technical Name edsi_totp_policy
LicenseLGPL-3
Websitehttps://ed-si.fr
Module: edsi_totp_policy Version: 19.0.1.0.0 Publisher: EDSI SAS License: LGPL-3
Compliance Module · Odoo 19 · Extends edsi_totp_auth

2FA Security Policies for Odoo
Enforce, Track & Audit 2FA Compliance

Define per-group enforcement rules, track adoption in real time, and generate a full audit log — all from a native Odoo interface. Works with any existing 2FA setup.

Mandatory enforcement Grace periods with countdown Real-time dashboard Full audit log Brute-force protection
★ One-time purchase — no subscription, yours forever
Up and running in 3 steps

No developer required. Install, configure, done.

1
Install the module
Works on top of Odoo's built-in auth_totp. Compatible with edsi_totp_auth — no conflicts, fully complementary.
2
Create security policies
Target any Odoo user group. Choose mandatory enforcement, a grace period, or a warning banner. Exclude specific users in one click.
3
Monitor & enforce
The live dashboard shows compliance rates instantly. Send reminders to non-compliant users in one click.

Three pillars of 2FA compliance

Enforce, track, and prove compliance — without writing a single line of code.

1

Granular per-group enforcement

Target any combination of Odoo user groups — accountants, administrators, sales teams, and more. Three enforcement modes: mandatory (login blocked immediately), grace period (N-day countdown before blocking), and warning only (persistent banner with no block). Each policy is independent and stackable.

Mandatory mode Grace period Warning banner Per-user exclusions
2

Real-time compliance dashboard

A live OWL dashboard shows adoption rate, logins today, rate-limited attempts, and a list of non-compliant users — all in a single view. Per-group statistics and trend graphs let you prove compliance to auditors without exporting a single spreadsheet.

Adoption rate KPI Trend graphs Non-compliant user list One-click reminders
3

Full audit log & brute-force protection

Every authentication attempt is logged with user, method, IP address, user-agent, and outcome. Configurable rate-limiting blocks brute-force attacks — set the lockout threshold and cooldown period with no external service required.

Attempt audit trail IP-based blocking Cooldown periods No external service
PRICING

One purchase. Yours forever.

No monthly fee, no annual renewal, no hidden costs. Buy once and use the module indefinitely on your Odoo instance.

✓ Single one-time payment ✓ No subscription required ✓ No external service fees ✓ Lifetime use on your instance
Why "enable 2FA" is not enough

Odoo lets users opt in to 2FA — but nothing forces them to. That's a compliance gap.

Without Policy Enforcement

Users can skip 2FA entirely — and most will
No visibility on which users haven't secured their accounts
No audit trail to present to compliance auditors
Brute-force attacks go undetected and unlimited
NIS2, ISO 27001 and cyber insurance requirements unmet

With 2FA Security Policies

2FA enforced per group — no exceptions unless explicitly excluded
Live adoption dashboard — know your exposure in real time
Full attempt log with IP, method, timestamp and outcome
Configurable rate-limiting blocks brute-force attacks
Demonstrable compliance for NIS2, ISO 27001 and auditors

All features at a glance

A complete compliance layer built natively for Odoo, requiring no external paid service.

POLICY
Group Security Policies
Enforce 2FA by user group with three modes: mandatory (block immediately), grace period (N-day countdown), or warning-only banner. Policies are stackable and independent.
GRACE PERIOD
Per-User Grace Period Tracking
Each user's grace period starts individually from their first non-compliant login. A countdown banner keeps them informed until blocking kicks in.
DASHBOARD
Real-Time Compliance Dashboard
Live OWL dashboard — adoption rate, successful logins today, rate-limited attempts, and non-compliant user list. Refreshes instantly.
ANALYTICS
Adoption Statistics
Daily cron records total users, 2FA-enabled count and adoption rate over time. Built-in graph and pivot views for trend analysis.
AUDIT
Full Authentication Audit Log
Every 2FA attempt logged with user, method, IP address, user-agent, failure reason, and rate-limit flag. Filterable and exportable.
SECURITY
Rate Limiting & IP Blocking
Configurable brute-force protection: max failed attempts, lockout duration, optional IP-based blocking. No external service required.
NOTIFICATIONS
Automated Email Reminders
Send policy reminders to all non-compliant users in one click, or let the system notify them automatically with grace period countdowns.
COMPATIBILITY
Works with Any 2FA Setup
Built on top of auth_totp. Fully compatible with the companion edsi_totp_auth module (multi-method 2FA) or with Odoo's built-in TOTP alone.
I18N
6 Languages Included
Full translations for French, Spanish, German, Italian and Dutch — in addition to English. Loaded automatically with no extra configuration.

See it in action

Screenshots from a live Odoo 19 instance.

Access Dashboard, Statistics & Security Policies from the Settings menu:

Where to find the 2FA dashboard, statistics and security policies in Odoo Settings
① Dashboard & Statistics
Real-time 2FA compliance dashboard showing adoption rate and non-compliant user list

Real-time dashboard — adoption rate, daily logins and non-compliant user list.

2FA adoption statistics with trend graph and compliance breakdown by group

Adoption statistics — daily trend graph and breakdown by user group.

② Security Policies
Security policies list showing all configured group enforcement rules

Policies overview — all configured enforcement rules at a glance.

Security policy form showing enforcement type, grace period and target user groups

Policy editor — target group, enforcement level, grace period and exclusions.


Three enforcement modes — one per use case

Apply the right pressure to each group, from gentle reminder to hard block.

MANDATORY
Hard Block
Users without 2FA enabled cannot log in at all. Login is immediately blocked until 2FA is configured. Ideal for administrators, accountants, and any privileged roles.
GRACE PERIOD
Countdown with Deadline
Users can still log in during the grace period, but see a banner with a countdown showing days remaining. After the deadline, the account is blocked — just like mandatory mode.
WARNING ONLY
Soft Reminder
Login is always allowed, but users see a persistent info banner encouraging them to enable 2FA. Use for non-critical groups where you want to nudge, not block.
Compatibility & Requirements

Currently built and tested for Odoo 19. Ports to 17 & 18 are on the roadmap.

Odoo 16
Not planned
Odoo 17
Planned
Roadmap — Q3 2025
Odoo 18
Planned
Roadmap — Q3 2025
Odoo 19
✓ Supported
Current version
Odoo module dependencies
auth_totp mail web auth_signup base
Optional companion: edsi_totp_auth — adds multi-method 2FA (email OTP, SMS, backup codes, passkeys)
Installation & Setup

Self-hosted or Odoo.sh — no command line, no extra server configuration.

Installation

  1. Download the module ZIP from the Odoo App Store
  2. Upload via Settings → Apps → Upload Module, or drop it in your addons folder
  3. Click Install in the Apps list — auth_totp is pulled automatically
  4. Navigate to Settings → 2FA Security to create your first policy

Post-install configuration

  • Go to Settings → 2FA Security → Security Policies
  • Create a policy, select the target user group(s)
  • Choose the enforcement type and grace period (if applicable)
  • Configure rate limiting via Security Configuration
  • Monitor adoption from the Dashboard

Who is this for?

Any company running Odoo that needs to prove 2FA compliance — not just enable it.

SMBs & Enterprises
Enforce 2FA across all staff without IT overhead — works out of the box
Regulated Industries
Finance, healthcare, legal — produce audit evidence for NIS2 & ISO 27001
Odoo Integrators
Deliver a production-ready compliance layer to every client at a fixed one-time cost
Cyber Insurance
Demonstrate enforced MFA across your entire ERP user base to insurers
Built for security. Built for compliance.
GDPR & NIS2 Ready Audit logs and enforced 2FA satisfy regulatory access-control requirements out of the box No Third-Party Dependency Runs entirely on your Odoo instance — no SaaS subscription, no external API required Native Odoo Integration Extends auth_totp — no UI overrides, no conflicts with other modules
6 Languages, Zero Configuration English, French, Spanish, German, Italian and Dutch — active out of the box OWL-Powered Dashboard Live dashboard built with Odoo's modern OWL framework — fast, native, no external dependency Row-Level Security ir.rule records ensure users only see their own attempt logs — full data isolation
Frequently Asked Questions
Does this module provide 2FA methods itself?
No — it is a policy and compliance layer. It enforces and audits 2FA but relies on Odoo's built-in auth_totp for the actual authentication. For additional methods (email OTP, SMS OTP, backup codes, passkeys), install the companion module edsi_totp_auth.
Is this a subscription or a one-time purchase?
It is a one-time purchase. You pay once and own the module permanently — no annual renewal, no monthly fee.
Can I enforce 2FA for some groups but not others?
Yes — that is the core feature. Each policy targets one or more Odoo user groups and can have a different enforcement mode (mandatory, grace period, or warning only). You can also exclude specific users from any policy.
What happens to users who are blocked? Can an admin unblock them?
Blocked users cannot log in until they enable 2FA. Administrators can either exclude the user from the policy or reset their 2FA status from the user form. Rate-limited users are automatically unblocked after the configured lockout period.
Does it work with Odoo SaaS / Odoo.sh?
Designed for self-hosted and Odoo.sh deployments. Odoo SaaS (odoo.com) does not support third-party module installation.
Changelog

Actively maintained — new features and fixes shipped regularly.

v1.0.0
2026
  • Group-based security policies — mandatory, grace period, and warning modes
  • Per-user grace period tracking with individual countdown banners
  • Real-time OWL compliance dashboard with adoption KPIs
  • Daily statistics cron — adoption rate, trend graphs, pivot view
  • Full authentication attempt audit log (user, method, IP, user-agent, outcome)
  • Configurable brute-force rate limiting with optional IP blocking
  • Automated email reminders to non-compliant users
  • Translations: fr, es, de, it, nl

Support & Maintenance

Your purchase includes everything below — no separate support contract needed.

📧
Email Support
Reach us at contact@ed-si.fr. We respond to bug reports and installation questions within 2 business days.
🔄
Free Updates
All minor updates and bug fixes for the purchased major version are included at no extra cost — forever.
🛡️
Security Patches
Security-related fixes are published as priority patches and announced to all buyers by email.
🗺️
Roadmap Transparency
Odoo 17 & 18 ports are planned. Buyers of v19 get the corresponding version at a discounted upgrade price.

Know exactly who has 2FA — and enforce it.

Add enterprise-grade 2FA enforcement and compliance tracking to your Odoo deployment in minutes. No external services. No subscription. One purchase, forever yours.

Published by EDSI SAS ed-si.fr contact@ed-si.fr Version 19.0.1.0.0

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author or have a question related to your purchase, please use the support page.
Community
  • Tutorials
  • Documentation
  • Forum
Open Source
  • Download
  • Github
  • Runbot
  • Translations
Services
  • Odoo.sh Hosting
  • Support
  • Upgrade
  • Custom Developments
  • Education
  • Find an Accountant
  • Find a Partner
  • Become a Partner
About us
  • Our company
  • Brand Assets
  • Contact us
  • Jobs
  • Events
  • Podcast
  • Blog
  • Customers
  • Legal • Privacy
  • Security

Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc.

Odoo's unique value proposition is to be at the same time very easy to use and fully integrated.

Website made with