Permission to disable TFA

In my custom FE admin system, I am trying to set up a way for a lower-level admin role (lower than superadmin) to disable another user’s TFA, if needed (for example, someone has lost their phone or auth app). I have created a custom endpoint that posts to ‘/users/[id]/tfa/disable’ and this works, but only if I’m superadmin. Otherwise I get a permission error. What collection do I need to give permission to for this? It is obviously not directus_users since admins already have update permission to that. Or is this something that can never have an access policy?

I am the only superadmin for the system and I’d rather not have TFA issues on my support table :wink:

There’s no built-in way for other users to force reset or override the TFA token. This is currently done on purpose as doing so opens up a large security can of worms. That doesn’t negate your ask though! I’ve jotted down your message as a feature request so we can address this in a better way in the future :slight_smile: Thanks!