2FA Error / Unable to Disable


  • Used Zammad version: 6.1
  • Used Zammad installation type: source
  • Operating system: Zammad Server: Ubuntu 22.04 / Desktop: Win 10 Entp. 22H2
  • Browser + version: Desktop: Google Chrome v118

Expected behavior:

  • Enable 2FA / Security Tokens for Admins and Agents on a server without SSL/Certificates. User shall be able to login and add a security token.

Actual behavior:

  • Admins are prompted with the ability to add a 2FA-Security key, however after naming the key and selecting “Next”, output is given as “The application is not running in a secure context.”

Steps to reproduce the behavior:

  • Pre-req: Setup Zammad without SSL/Certificates (assumption)
  • Enable 2FA for Agents/Admins and set it to required.
  • Select add token instead of “Cancel and log-out”
  • Input a name for the token
  • Receive actual behavior.

Additional information

  • I would like to turn this 2FA feature off, however I am unable to log back into my admin account without adding a security key. However, adding a security key seems to be disabled due to the ACTUAL BEHAVIOR where I receive the “This application is not running in a secure context”

  • I am unable to find the configuration setting to run (rails r 'pp Setting.set(“???”, “???”)) in any of the documentation nor the files.

About the error message: I think you mean the “Security key”-Authentication Method or? This is the normal behaviour from the browser and the used WebAuthn-Standard, it’s nothing related to Zammad.

I think you can disable the “Security key”-Authentication Method with this setting:

Setting.set('two_factor_authentication_method_security_keys', false)

To remove the required 2FA-Setup you can manipulate the following setting two_factor_authentication_enforce_role_ids (it could be set to []).


Thank you very much, that seemed to fix this issue and I was able to log back in to the web UI.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.