My project is enabled to force two-factor authentication, but there are users who cannot use their cell phone and email to authenticate. How can I make PHPMaker ignore these users so that they cannot go through the two-factor authentication process?
Then you should not enable “Forced 2FA”.
However, I cannot allow this, as all users, except for a few, are required to use two-factor authentication. Those exempt are in restricted areas where access to email and cell phones is not allowed. Other users will need to complete the setup. Without enforcing this requirement, users could disable two-factor authentication on their own. This is necessary because not all users are part of the company; some are external users, and, according to security standards, everyone must use two-factor authentication, with exceptions only for those in areas where email and cell phone access is prohibited.
You may try to create your event listener for the CheckPassportEvent to get and check the user and set the user profile, e.g.
Profile()->setUser($user)->set2FAEnabled(false)->saveToStorage(); // v2025
Well, I’m using version 2023, will this code work? We have not yet migrated to 2025, we always migrate from a previous year, we will be migrating to the 2024 version