Two Factor Authentication (2FA) for nopCommerce using OTP over SMS

Overview

nopCommerce Two-Factor Authentication (2FA) plugin adds an extra layer of authentication, making your nopCommerce stores more secure. Two-factor authentication, or 2FA, is another name for this sort of MFA, which improves the security of your nopCommerce websites. To protect sensitive data, you must verify that the users attempting to access it are who they say they are. With 2FA, it is possible to protect user passwords and accounts against security threats such as phishing, brute-force attacks, credential exploitation, and others. Role-based 2FA, Domain-based 2FA, IP whitelisting, Customizable KBA questions, Reset 2FA method, Customizable Email and SMS template, Configure Your Own SMS and Email Gateway, and other features are available through the nopCommerce Two Factor Authentication (TFA) plugin.

Download

Pricing Plans

Pre-requisites : Download And Installation

Download the nopCommerce Two-Factor Authentication (2FA) plugin.
To install the plugin, login as admin into your nopCommerce store. In the admin dashboard, navigate to Configuration Tab >> Local plugins.

Click on the Upload plugin or theme button at the top right corner, then in the popup window, click Choose File, select the downloaded plugin ZIP file, and click Upload plugin or theme to proceed.

After uploading the plugin, click on Restart Application to apply the changes. Once the application restarts, you will see the plugin listed below. Click on the Install button to install it, and then click Restart Application again to apply the changes.

Configuration Steps

Step-by-step guide for implementing Two-Factor Authentication (2FA) in nopCommerce using OTP over SMS.

After successful installation, locate the plugin in the list and click on the Configure button to proceed with the setup.

1. Activate the 2FA Plugin using the License Key

On clicking Configure, you will be redirected to the license activation page, and you will receive a trial license key on your nopCommerce registered email.
If you have not received the license key on your provided email, use the Download License Key button in the plugin to download the license file.

To activate the plugin, you can either:
- Enter the license key received via email in the provided input field.
- Upload the license file that you downloaded using the button mentioned above.

Then, check the box "I have read the above conditions and I want to activate the plugin", and click Activate License button.

After successful license activation, the plugin dashboard will open as shown below.

2. Configure OTP over SMS

Navigate to the OTP Methods tab. Select OTP over SMS as a two-factor authentication (2FA) method and click on the Configure button.

After clicking on Configure, the OTP over SMS dashboard will open.

Select the User phone attribute from the dropdown and click on Save.

Enter the phone number and click on the Get OTP button.

After clicking on the Get OTP button the user will receive One Time Passcode on the entered mobile number.
Enter the received OTP and click on the Verify OTP button, after verifying OTP the method will be configured and can be enabled for the end user.
To enable the method for the end user, click on the OTP over SMS toggle button.