Sergio•2mo ago

Forced mfa but root user doesnt have it

I enabled MFA forcing for local users but my sole local admin user, zitadel-admin@zitadel.zitadel.<mydomain>, doesn't have it so when I try to login I get Errors.Login.LoginPolicy.MFA.ForceAndNotConfigured and am now locked out.

1 Reply

SergioOP•2mo ago

fixed it I had to do:

docker exec zitadel-db psql -U postgres -d zitadel -c "SELECT aggregate_id, force_mfa, force_mfa_local_only FROM projections.login_policies5;"
  ⎿      aggregate_id    | force_mfa | force_mfa_local_only 
     --------------------+-----------+----------------------
      328440731553234947 | f         | f


docker exec zitadel-db psql -U postgres -d zitadel -c "UPDATE projections.login_policies5 SET force_mfa_local_only = false WHERE aggregate_id =
      '328375754368745…

docker exec zitadel-db psql -U postgres -d zitadel -c "SELECT aggregate_id, force_mfa, force_mfa_local_only FROM projections.login_policies5 WHERE
      aggregate_id…
  ⎿      aggregate_id    | force_mfa | force_mfa_local_only 
     --------------------+-----------+----------------------
      328375754368745503 | f         | f

docker exec zitadel-db psql -U postgres -d zitadel -c "SELECT aggregate_id, force_mfa, force_mfa_local_only FROM projections.login_policies5;"
  ⎿      aggregate_id    | force_mfa | force_mfa_local_only 
     --------------------+-----------+----------------------
      328440731553234947 | f         | f


docker exec zitadel-db psql -U postgres -d zitadel -c "UPDATE projections.login_policies5 SET force_mfa_local_only = false WHERE aggregate_id =
      '328375754368745…

docker exec zitadel-db psql -U postgres -d zitadel -c "SELECT aggregate_id, force_mfa, force_mfa_local_only FROM projections.login_policies5 WHERE
      aggregate_id…
  ⎿      aggregate_id    | force_mfa | force_mfa_local_only 
     --------------------+-----------+----------------------
      328375754368745503 | f         | f

Forced mfa but root user doesnt have it

Did you find this page helpful?