FreeNAS (TrueNAS/TrueNAS Core) MFA question

I was looking at FreeNAS as an open source option to use as a datastore for XCP-NG hosts.
Security is important to me, which means 2FA/MFA is important to me. I’m one of those “MFA everywhere” people. Thanks to your videos, I was able to do the XOA from source thing and enable OTP (TOTP with authenticator app like Google Authenticator). When I’m researching accomplishing this in FreeNAS, I’m just seeing old forum threads (starting in 2016) referencing that 2FA and RBAC are not seen as a priority for their developers. That concerns me. Specifically, being able to use the web console to sign into my FreeNAS server using MFA is what I’m looking for. I can implement MFA over SSH without an issue, but I don’t believe it translates to the web console if I understand how it works correctly. Also, I make absolutely no claims to be a FreeNAS expert, and I found the videos on the LTS channel to be very helpful, so I thought this might be a good place to start.

Are there any plugins or configuration options I might not be aware of that you are using to meet this kind of use case?

Thanks in advance.

I do not know if this would work in your use case.

You can use LDAP to authenticate with FreeNAS. If you use the FreeIPA LDAP implementation, you can set the use of OTP in the LDAP server. In that case, instead of a password you need to provide password plus token to log in (the token is added to the end of the password - extended password).
In that case, FreeNAS would not be aware of 2FA; it is all handled by the LDAP server.

2 Likes
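The "extended password" check described in the reply above, as an added example that is not part of the original thread and not FreeIPA's own code. It assumes a 6-digit RFC 6238 TOTP (HMAC-SHA1, 30-second step) and a PBKDF2 password hash; the function names, password, salt and secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

DIGITS, STEP = 6, 30  # assumed token length and time step (seconds)

def totp(secret: bytes, at: int, digits: int = DIGITS, step: int = STEP) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the Unix time `at`."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def split_extended(extended: str, digits: int = DIGITS):
    """Split 'password' + 'token' into (password, token); None if malformed."""
    if len(extended) <= digits:
        return None
    password, token = extended[:-digits], extended[-digits:]
    if not (token.isascii() and token.isdigit()):
        return None
    return password, token

def hash_password(password: str, salt: bytes) -> bytes:
    """Stand-in for the directory's stored password hash (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_bind(extended, salt, stored_hash, secret, now, window=1):
    """Server-side check of both factors from one bind password string."""
    parts = split_extended(extended)
    if parts is None:
        return False
    password, token = parts
    pw_ok = hmac.compare_digest(hash_password(password, salt), stored_hash)
    # Accept the current step and `window` steps either side for clock drift.
    otp_ok = any(
        hmac.compare_digest(totp(secret, now + i * STEP), token)
        for i in range(-window, window + 1)
    )
    return pw_ok and otp_ok

if __name__ == "__main__":
    SECRET, SALT = b"12345678901234567890", b"constructed-salt"  # constructed
    stored = hash_password("hunter2", SALT)
    print(verify_bind("hunter2" + totp(SECRET, 59), SALT, stored, SECRET, 59))
```

The client that forwards the bind (FreeNAS in this thread) only ever sees one opaque string, so the second factor is enforced entirely by the directory server. This sketch does not track used tokens, so a code remains valid for replay until its window expires.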

Thanks a lot for the response. I believe this should work for my use case. I’m definitely going to try to give that a go in my lab. Much appreciated. Thanks.

Not sure if you figured this out, but if you are now running the latest TrueNAS Core (12.X), 2FA is available under the System > 2FA menu. This will allow you to set up an app like Google Authenticator and prompt you for the code when you log in to the web console.

I hope this helps 🙂