When a TOTP server is enabled, is there a way require TOTP for some accounts but not for others?
I noted related thread https://forum.opnsense.org/index.php?topic=9690.msg44232 (https://forum.opnsense.org/index.php?topic=9690.msg44232), but this does not address my question.
An admin account would login with TOTP with full GUI privlages. A user (with only vpn and password manager GUI privlage), would be able to login without TOTP.
I have found that enabling both Local and Local+TOTP authentication servers, allows admin user to login in both with and without TOTP. When only Local+TOTP a user cannot login.
Is there a way to enable the admin to login only with TOTP, and still allow the user to login without TOTP?