Fallback internet 2FA (Duo / Yubikey) to TOTP when no internet connection / service issues.

Implemented

avatar

I was wondering, since Duo requires working internet, what happens in the event of it not being able to be reached and getting locked out of RDM?

What would be a great feature add: allow configuring a fallback 2FA to the TOTP code option that works without internet. It's slower, so it's like a secondary 2FA option.

All Comments (9)

avatar

Hello,

I saw you also posted in this thread. Are you talking about the same scenario (the application 2FA options, located in File > Options > Security), or something else? If not, which 2FA are you talking about?

Regards,

Hubert Mireault

avatar

Yes, I am talking about the same option but for a different reason. After I added the request I saw that other thread and figured I would comment in there too. Not sure if it would be implemented in the same way, but as long as you have more than 1 option I guess that would solve mine as well, since I could have Duo and TOTP and use Duo mainly, then use TOTP if Duo is not working.

avatar

Hello,

The change we are planning to make in relation to the other thread is adding an option to choose whether you want to have the configured 2FA in "additive" mode (this is what happens currently where you have to enter all the configured 2FA in a row), or in "choice" mode (where you will choose one of the configured 2FA to authenticate against for the unlock process).

forum image

So with the new option, if you have all 3 of these configured, RDM will ask which you want to use for unlocking, rather than asking all of them. This should allow you to choose TOTP instead of Yubikey/Duo if you're in an environment where you don't have internet access.

Let me know if these expected changes don't cover your scenario exactly, and if it doesn't, what else you would require.

Regards,

Hubert Mireault

avatar

Hubert that would be perfect. Thanks

avatar

Hello,

Just to let you know, with RDM 2022.2, the default will now be to prompt for which 2FA you want to use if you configured multiple ones under File>Options>Security. The option can be changed back to the previous mode (checking against all configured 2FA methods, rather than choosing one), and it can also be forced for all users in the System Settings or through GPO.

Regards,

Hubert Mireault

avatar

Hubert, thank you to you and your team for making this an option for users of your product.

This does solve my concern of being locked out when there is no internet, with TOTP as a configured fallback. However, there is one tedious extra step now: every time I unlock the app I am first presented with a choice instead of my preferred method (Yubikey or Duo depending on user) being prompted right away. Now we are forced to choose from the dropdown each time, then click the OK button, just to get to the first step of unlocking. It's a bit clunky.

What would be great is if it could at least remember my last used option and make that the default in the dropdown menu. Each time it's pushing to the dropdown to select, it always reverts to TOTP as the first option, which is the one I want as my backup option only. I would imagine this would be easier to implement than what may be the preferred method of only prompting for the default of Yubikey or Duo without the dropdown selection at all (skips one more step) and only offering the alternate dropdown after the primary is canceled or not successful. (This would eliminate 3 separate clicks just to get to my preferred 2FA option.)

avatar

Hello,

Thanks for the feedback! As you say it's easy to make it so RDM remembers what the previously used 2FA method was. I've opened a ticket to make this change, we should have it in RDM 2022.2.16.0 (not our next version, but the one after that).

Doing the same thing automatically might be more complicated but we will keep it in mind for the future. Hopefully with the choice being remembered it at least makes it much more convenient to use.

Regards,

Hubert Mireault

avatar

Just letting you know that I can confirm this will be available in 2022.2.16.0, RDM will remember the previously used 2FA method.

Regards,

Hubert Mireault

avatar

Great, thanks so much!