From 9f3d0f3f90459cd63359eed531a14e5f03411d79 Mon Sep 17 00:00:00 2001
From: Christoph Wurst <christoph@owncloud.com>
Date: Wed, 8 Jun 2016 15:37:39 +0200
Subject: [PATCH] document occ command to enable/disable 2fa for a user

---
 admin_manual/configuration_server/occ_command.rst | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/admin_manual/configuration_server/occ_command.rst b/admin_manual/configuration_server/occ_command.rst
index b7a3bab68..84e2801c6 100644
--- a/admin_manual/configuration_server/occ_command.rst
+++ b/admin_manual/configuration_server/occ_command.rst
@@ -39,6 +39,7 @@ occ Command Directory
 * :ref:`versions_label`
 * :ref:`command_line_installation_label`
 * :ref:`command_line_upgrade_label`
+* :ref:`two_factor_auth_label`
 
 .. _http_user_label:
 
@@ -1271,3 +1272,17 @@ option::
 You can perform this simulation manually with the ``--dry-run`` option::
  
  sudo -u www-data php occ upgrade --dry-run
+
+Two-factor authentication
+-------------------------
+If a two-factor provider app is enabled, it is enabled for all users by default
+(though the provider can decide whether or not the user has to pass the challenge).
+In the case of an user losing access to the second factor (e.g. lost phone with
+two-factor SMS verification), the admin can (temporarily) disable the two-factor
+check for that user via the occ command::
+
+ sudo -u www-data php occ twofactor:disable <username>
+
+To re-enable two-factor auth again use the following commmand::
+
+ sudo -u www-data php occ twofactor:enable <username>
\ No newline at end of file