How to disable MFA for an account?

One of our users enabled two-factor authentication and then he lost his cell phone. How can we disable MFA for his account so that he can log in again?

Thanks!

Hi!

Don’t know if we have an interface for this but the code that checks for 2FA is here: https://github.com/getsentry/sentry/blob/b9f60c9086e17eb2ad00e672fb51e8243080181b/src/sentry/models/authenticator.py#L124-L129

Based on this, if you can run sentry shell on your host machine and then do something along the lines of

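```python
from sentry.models.authenticator import Authenticator, available_authenticators
from sentry.models.user import User

# Look up the locked-out user by primary key
my_user = User.objects.get(id=user_id)
# ignore_backup=True leaves backup interfaces out of the type list
Authenticator.objects.filter(
    user=my_user, type__in=[a.type for a in available_authenticators(ignore_backup=True)]
).delete()
```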

It should work. Is this too dangerous @matt?

Hey,

There’s an interface for this. An organization owner or manager can reset a member’s 2fa on the Organization Settings > Members page. You’ll need to click into the user and then click Reset two-factor authentication. More info here: https://blog.sentry.io/2019/04/11/5-sentry-settings-problems-to-solve#resetting-two-factor-authentication

Nice! Just want to add that the interface is available for versions v9.1.1 and later?

We’re using v9.0.0, and don’t have the option to reset MFA via the web UI.

@moz1 does my suggestion above @megan’s answer work for you on 9.0?

@BYK we ended up deleting the account and re-creating it, so we didn’t get a chance to test your method. It may be helpful for people who don’t have the option to delete an account though.