@Fae  - This really should be be priority 0 for a supposed business-class product. Do you understand the security implications of a cloud account compromise for someone managing multiple sites?

Look at the Kudos and Views for this thread, and the one at Request - Please add two factor authentication to the omada cloud managment.

As non-optimal as they are, you could even start with SMS and email link verification.

Thanks @Fae - As the only active official account on here (are you one person or multiple?) I know you mostly only get our complaints/requests, but some of these seem basic/long-standing. Is there a timeline/roadmap posted of planned features and fixes?

@YATechMonkey 

Adding to this comment, I've held off doing a large scale deployment until MFA is in place.  The TP-Link Omada solution came out on top for price, performance, etc. - except for meeting our MFA requirement.

@WirelessForEver Time for the monthly bump. Looks like it may be getting close with the addition of the Cloud Controller on the Omada page saying coming soon. Hope this migrates down to the other tiers and includes the MFA.

https://www.tp-link.com/us/business-networking/omada-sdn-controller/omada-cloud-based-controller/

@Merryworks 

Merryworks wrote

@WirelessForEver Time for the monthly bump. Looks like it may be getting close with the addition of the Cloud Controller on the Omada page saying coming soon. Hope this migrates down to the other tiers and includes the MFA.

 

https://www.tp-link.com/us/business-networking/omada-sdn-controller/omada-cloud-based-controller/

 

Thanks for the monthly bump!  Hoping for this soon too!  Fingers crossed they add SSO support too if they're marketing the solutions to MSPs now.

Hope all is well with you.

@WirelessForEver wow, I'm honestly shocked to discover they still do not have MFA protection in the cloud, and it's now been over a year since the original poster pointed out the flaw! I just purchased a big lot of Omada products (2x OC-200, 2x TL-R605, 2x EAP620-HD) and was looking forward to rebuilding my network infrastructure across two sites with TP-Link, but this is honestly a deal breaker! A single point of control to all my networks, accessible from anywhere on the web, and they didn't think it warranted implementing any additional security beyond a simple password? Like another poster has said, if they missed such an obvious thing, what else could they be missing?! My whole incentive for this rebuild was because my previous infrastructure had gottten compromised, so for me, this isn't something I'm willing to compromise on. I'm afraid I have no choise but to return the equipment while I can still get my money back. TP-Link, this is a huge security gap, it shouldn't have taken you over a year's time to simply "forward the request to the development team for evaluation"... MFA has been an essential feature in online security for several years now, and for a major company operating in this field it shouldn't have taken this long to get onboard.