diff --git a/src/interfaces/Account.ts b/src/interfaces/Account.ts index 5e4b56c9f..b76b09b68 100644 --- a/src/interfaces/Account.ts +++ b/src/interfaces/Account.ts @@ -28,6 +28,7 @@ export interface Account { auto_update_version: string; auto_update_always: boolean; local_auth_disabled?: boolean; + local_mfa_enabled?: boolean; ipv6_enabled_groups?: string[]; network_range_v6?: string; }; diff --git a/src/modules/settings/AuthenticationTab.tsx b/src/modules/settings/AuthenticationTab.tsx index 40a37c150..c679c67ae 100644 --- a/src/modules/settings/AuthenticationTab.tsx +++ b/src/modules/settings/AuthenticationTab.tsx @@ -7,6 +7,7 @@ import { Input } from "@components/Input"; import { Label } from "@components/Label"; import { notify } from "@components/Notification"; import Paragraph from "@components/Paragraph"; +import { SmallBadge } from "@components/ui/SmallBadge"; import { Select, SelectContent, @@ -22,6 +23,7 @@ import { cn } from "@utils/helpers"; import { CalendarClock, ExternalLinkIcon, + KeyRound, ShieldIcon, ShieldUserIcon, TimerResetIcon, @@ -66,6 +68,15 @@ export default function AuthenticationTab({ account }: Readonly) { }, ); + // Local MFA (UI only, not wired to the backend yet) + const [isLocalMFAEnabled, setIsLocalMFAEnabled] = useState(() => { + try { + return account?.settings?.local_mfa_enabled || false; + } catch (error) { + return false; + } + }); + // Peer Expiration const [ loginExpiration, @@ -105,6 +116,7 @@ export default function AuthenticationTab({ account }: Readonly) { peerInactivityExpirationEnabled, peerInactivityExpiresIn, peerInactivityExpireInterval, + isLocalMFAEnabled, ]); const saveChanges = async () => { @@ -129,6 +141,7 @@ export default function AuthenticationTab({ account }: Readonly) { peer_approval_enabled: peerApproval, user_approval_required: userApprovalRequired, }, + local_mfa_enabled: isLocalMFAEnabled }, } as Account) .then(() => { @@ -213,6 +226,39 @@ export default function AuthenticationTab({ account }: Readonly) { /> + {!account.settings.local_auth_disabled && account.settings.embedded_idp_enabled ? + ( +
+ + + Enable Local MFA + + + } + helpText={ + <> + Require multi-factor authentication for users +
+ authenticating with local credentials. + + } + disabled={!permission.settings.update} + /> +
+ ) : null + } + +