FreePBX MFA Module Free For All

I know I probably shouldn’t be browsing the other forum much, but just saw this and wanted to share since it’s relevant. From Sangoma’s Michael White:

"Hey everyone,

Security is a top priority, and we’ve been paying close attention to the community discussions around it. One point that came up repeatedly is that essential security features shouldn’t be locked behind a paywall. I hear you, and agree.

That’s why we’re making our MFA module free to all FreePBX users. This is a step toward ensuring that every system, big or small, has access to basic protections without extra cost.

That said, Free MFA will be rolling out soon, and as part of an internal process requirement, a formal notification was sent to our distribution partners last week, and we can expect this change to take effect on or before April 1st. In the meantime, if there are other security related changes you think we should consider, I’d love to hear your thoughts!"

Glad to see they are doing the right thing. Security should not be a paid thing for common basic security like MFA.

6 Likes

When that module was first announced we thought it was odd that it was a paid add-on. Glad to see they’re removing that paywall.

Curious if they’re going to be refunding anyone who recently purchased though?

6 Likes

I hope this is made available to open-source only FreePBX implementations like IncrediblePBX.

The information provided states it’s a free license for a commercial module, so there will be a requirement for sysadmin.

1 Like

Oh well. That leaves IncrediblePBX out. :slightly_frowning_face:

Might be a bullet item for your wish list

3 Likes

Maybe a stupid question - is the PBX MFA module just supposed to I guess be there / enabled? I keep checking every day and I still only get the option to purchase. I thought it would be free for all by April 1st?

You still need to get a $0 license for it.

1 Like

Ah okay, thanks! Got it now. I guess the Buy option never seems to work in the admin console, so had to go to the Sangoma Portal webstore.

Another helpful tip:
I believe you will want to base your quantity of $0.00 licenses on how many users you also have with FreePBX admin privileges.

I read that they were possibly going to change that but not certain if that will be a while, or not.

This may be a dumb question but isn’t the MFA supposed to apply to both the admin login and the UCP? I just set it up on our office system and it’s only prompting me when I log into the UCP, on the admin site…. nuthin… :thinking:

1 Like

If your admin is a Userman user, it should work. I don’t think it’s intended to work with the (deprecated) Admin –> Administrators.

1 Like

I felt like I tested this with both forms of admin users and had the same experience that @Ashcor had. Maybe I will need to give it a go again.

I just tested again with a totally new user on my own PBX. I set the user up in usermanager and applied MFA for both Admin and UCP. When logging into UCP it prompts as it should. When logging into the Admin portal it does not… Kind of useless if it doesn’t work in the admin portal… IMHO

@Ashcor out of curiosity, have you tried it without the ClearlyIP Branding Module installed?…. I am wondering if Sangoma is going to rebut, with it not working due to this…. even if in truth it is irrelevant, though it could possibly.

I have not but I can’t think of a reason the CIP branding would have anything to do with it

Apparently the feeling on the FreePBX community is that the ClearlyIP Branding module is causing the issue. I have yet to test that theory (too much going on with year end) but if anyone from CIP can comment, that would be cool.

1 Like

As it was pointed out there has been code added to Framework that makes the MFA work.

This would need to be part of the CIP Framework module code so it can check for the MFA module.

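```php
<?php
	// Load the OTP prompt only when the pbxmfa module passes the status check
	// and is licensed. $PBXMFA_LICENSED is expected to be set by the surrounding code.
	if (\FreePBX::Modules()->checkStatus('pbxmfa') && $PBXMFA_LICENSED) {
		// Build the path to the MFA module's OTP modal view under the web root.
		$webrootpath = \FreePBX::Config()->get('AMPWEBROOT');
		include $webrootpath . '/admin/modules/pbxmfa/views/mfa/otpModal.php';
	}
?>
```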

I agree @lgaetz, are you able to comment on this, or mention if Tango/Clearly will have any rendition of MFA?