Administrators defined in the database using the pi-manage.py command, how can i force that user login webui with privacy mode, using 2fa ?
I already config login_mode = PrivacyIDEA and all user from ldap or ad can login webui with 2fa but Administrators is not.
Please drop a note, if this article is not clear
https://privacyidea.readthedocs.io/en/latest/faq/admins.html
and if so, where it needs improvement.
Thank you guy, I Almost clear it sorry I don’t see these docs before. But my problem now is after I create the new admin realm.
For example:In the realm Admin, I created 2 users A and B, now user A can change the information of user B (including password) and vice versa.
Is there a way every user can only change their own information?
This is the idea of “admins”, that they can change user data, right?
“Users” can only change their own data.
Nope, let’s me explain more.
Before that, I have a realm but it’s just realm normal with LDAP resolvers. I have no problem with those users since they don’t have admin rights. After reading the docs that you have given (as shown below)
I have created an administrative realm that the users in there can access the webui with the admin role. And now the problem as I mentioned above, is that the users in this realm admin can change each other’s information, which is really bad if one of them has bad intentions.
I asked if there is a way that they can only change their information and not change the information of another admin?
I understood you correctly. This is by design.
You could - with some effort - avoid this. But going into the very depth of access rights and policies is out of scope of this forum. At least for me.
You should think about, why do you have write access on the resolvers anyways in the first place.
I understand what you are saying, this is a question as well as a suggestion for better application. Thank you very much @cornelinux .