From Magento 2.4 release, Multi-Factor Authentication (MFA) becomes enabled by default. After installation is finished, store admin will be presented with the below window after logging in for the first time:
If an email address is set up on the server, an email will be sent to the email address used for ‘admin email' during Magento installation:
Note: if the email address is not set up on Magento installation, MFA can be disabled using the following command:
php bin/magento module:disable Magento_TwoFactorAuth
After the email address is set up, MFA can be reenabled with:
php bin/magento module:enable Magento_TwoFactorAuth
The link in the email will redirect admin to the MFA setup page with two options like the ones you see in our screencap below:
Choose the 2FA provider that is suitable for you and click “Apply”.
Google Authenticator
Firstly, we will walk you through the guide of how to use Google Authenticator to set up MFA:
On your mobile device, you need to download an authenticator app (Google Authenticator or Microsoft Authenticator) and select scan QR code.
After putting in the code generated by the Authentication app and pressing Confirm, 2FA is set for the admin account.
Aside from Google Authenticator, several other providers can be used. You can find the list of providers under Stores menu > Setting > Configuration, in the left panel choose 2FA on the Security tab:
You can choose one or more of the available Providers on this page. Some providers will require credentials to be set
Duo Security
To use Duo Security for authentication, some credentials must be filled:
Getting credentials
- Step 1: Log in to your Duo Security account -> click the “Applications” -> “Protect an Application” button:
- Step 2: choose “Web SDK” and click the “Protect” button:
- Step 3: Get the credentials on the Web SDK page and fill them into Magento 2 site:
Config Duo Security for store admin
- Step 1: When the Duo setup page appears, click the button to continue setup or click the “Skip this configuration until next login” link to skip setup:
- Step 2: Select the device
- Step 3: Enter the number to verify:
- Step 4: Verify the device:
- Step 5: Install the Duo Mobile app and open it:
- Step 6: Scan the QR code by Duo Mobile app:
- Step 7: Verify code by Duo Mobile app:
Authy
- Put API under the Authy section:
Refer to the Authy document to set up authentication and get your API key.
U2F Key
Follow the U2F Key document from the solution provider to configure your U2F device.
Conclusion
We have covered our detailed guide on how to set up MFA for your Magento 2 backend account. We hope that this blog post has contained the answers to your questions or troubles regarding this work. However, if you still have further questions, please drop them down in the comment section or send us your message via our store.