Customization of Personal page

[KB7777]

It will be very helpfull for buisness-side to get full customization and settings of Personal page:

• turn off showing phone number, address, WWW, Twitter, get the apps part, even Groups
• posibility to disable App passwords,
• hide second-factor backup codes if 2FA is disabled

Regards.

[MariusBluem]

turn off showing phone number, address, WWW, Twitter, get the apps part, even Groups

you can disable the global lookup-part in the admin-settings, but not the fields from the personal page. Don't know whether it makes sense to remove them in some cases. Same for groups.
What do you think? @schiessle

posibility to disable App passwords,

Well ... Why should you? - please explain the use-case. They can increase the client/server security 😅 (even if you are not using 2fa_, you can restrict some devices access to your Nextcloud [no filesystem-acess] or revoke a device if lost)

hide second-factor backup codes if 2FA is disabled

See: #3308

[KB7777]

Well ... Why should you?

Security policy of organization -- every single password has to be change after 28 days and only LDAP logins for users.

[nickvergessen]

@KB7777 the app passwords are going to be forced for certain features in the future (e.g. sync clients)

[KB7777]

With few thousands weak users it may do a lot of work for admins :)

[MorrisJobke]

cc @ChristophWurst @karlitschek What is your opinion here? I guess it is unlikely that we will provide any of the mentioned items.

[karlitschek]

Well it might sense to add options to hide fields like phone number, address, WWW, Twitter. Not sure about app passwords. This are essentially access tokens and not passwords. Not sure if it makes sense to expire tokens and certificates in a company on a time basis. Never heard of anyone who wants this. I agree the second-factor backup codes should be removed if 2FA is disabled. Does this make sense? @LukasReschke

[schiessle]

Well it might sense to add options to hide fields like phone number, address, WWW, Twitter.

I wouldn't add options to remove them individually. But it might make sense to disable all of them (beside display name and email of course) and also the access control drop-down in case the lookup-server is disabled.

[KB7777]

Not sure if it makes sense to expire tokens and certificates in a company on a time basis.

It is about of model of implementation. At our company, for now, we would like to give as little as possible features and options as possible. The app passwords are not neccesery at this time and we want to not confuse users with many options to set.

[MorrisJobke]

It is about of model of implementation. At our company, for now, we would like to give as little as possible features and options as possible. The app passwords are not neccesery at this time and we want to not confuse users with many options to set.

If this is the real case, then hide them via CSS. Yes it is a hack, but for us it makes no sense to hide them, because they are now essential for how authentication works.

I will close this ticket for now as it seems that the majority does not want this hidden behaviour. If you want to hide the fields in the personal settings as well, then maybe use the theming_customcss app from the appstore to inject the needed CSS rules to hide those elements.