We’re trying to get PBX MFA on all of our servers. We have over 500 deployments. At this point we have multiple annoyances with the module, and wondering if it’s just us.
Having to “buy” the module for each deployment. Why are we required to purchase the module for each deployment, and why do we have to buy multiple instances of the free licenses if we have multiple admin users? It’s extremely time consuming to add the license to every single deployment we have. We’ve tried reaching out to our rep but he asked for a list of our deployments (?)
If the module is free, why not just make it an open source default module? Why is it still a commercial module at all?
The module sends MFA codes/ QR via email. Why can’t the module just display a QR code upon login with the code?
Making any change to an administrator disables MFA for every user. Changing a password, updating access to modules etc. completely disabled MFA for each user, and I have to go back in and manually enable it.
Probably because Sangoma has an interest in knowing who is using FreePBX who is doing actual real commercial work with it and how many PBXes they have deployed. You may think they just want to mine that for sales data but I don’t think that is it at all (since the few times Sangoma has cold called me for sales their lead generator has always been very surprised when I tell them “yeah, I am already using Sangoma’s products” lol)
But the reality is that there’s a lot of purchasing decisions people make out there based on the perceived installed base of products. 500 PBX deployments is quite a lot and that’s just the PBX I imagine you have thousands maybe tens of thousands of desk phones. It’s important to let companies like Cisco and HP be aware of this since product managers at those companies use that data to determine product features.
Cisco for example missed out on a huge number of deskphone sales opportunities when they did not write an industry standard SIP firmware for their phones that they got in 1998 from the Selsius acquisition and it was a just about a generation later in 2016 that they finally released 3PCC for the x8xx series of phones. Instead, they faffed around with Linksys-branded phones for years when they acquired Linksys in 2003 as they were under the impression that Asterisk-based PBXes were too small a market for them to bother with. That is because since Asterisk is open source nobody was collecting that data and publishing it. Well, now when you install FreePBX it does want a code but you can just get 1 code and use it for multiple PBX which is not helpful for clarity at all.
The MFA module is one of those things that if someone is using it it’s highly unlikely they are a little experimenter with 1 PBX in their house. It’s an obvious data collection point for installed base.
I will point out the OpenWRT project is currently thrashing around with this problem (and, IMHO making the wrong choices) Because they don’t collected installed base data they have no leverage to get Broadcom to release an Open Source SDK for wifi6 chips, and Qualcomm has little interest in adding in an override for uboot for their wifi6 chips, and Qualcomm used to be the darling of that project. Now Mediatek is all that’s left who is producing wifi6 chips that they can use and is the new darling - but unless they do something to start reporting stats on installed base of openwrt, sooner or later Mediatek will go down the same road the others have, believing that nobody in open source uses their products so why bother with making anything open that a 3rd party can use?
Do you want FreePBX in a walled garden where the only kind of phones that will work with it are Samgoma’s? OK, then do what you can to hide deployments and make FreePBX look like a little backwoods hick project that nobody uses…