Search Results :

×
Sign Up Contact Us

Contents

Setup 2FA/MFA for Headless/Decoupled Drupal

Secure Headless/Decoupled Drupal with a robust Two Factor Authentication (2FA) using Drupal Two Factor Authentication - 2FA / Passwordless Login. This guide will help to configure Two-Factor Authentication (2FA / MFA) for Headless Drupal site. Drupal 2FA module will add a second layer of authentication to Drupal account to increase the security of site from unwanted hacks and unauthorized login attempts. The Drupal Two Factor Authentication - 2FA / Passwordless Login is available for Drupal 7, Drupal 8, Drupal 9 and Drupal 10, and Drupal 11.

download plugin button Download plugin pricing button schedule meeting button Schedule a Meeting
  • Download the module: 
    Composer require 'drupal/miniorange_2fa'
  • Navigate to Extend menu on your Drupal admin console and search for miniOrange Second Factor Authentication using the search box.
  • Enable the module by checking the checkbox and click on install button.
  • Configure the module at 
    {BaseURL}/admin/config/people/miniorange_2fa/customer_setup
  • Install the module: 
    drush en miniorange_2fa
  • Clear the cache: 
     drush cr
  • Configure the module at 
    {BaseURL}/admin/config/people/miniorange_2fa/customer_setup
  • Navigate to Extend menu on your Drupal admin console and click on Install new module button.
  • Install the miniOrange Second Factor Authentication module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable this module by checking the checkbox and click on install button.
  • Configure the module at 
    {BaseURL}/admin/config/people/miniorange_2fa/customer_setup
  • Navigate to the Headless 2FA tab.
  • Click on Enable Headless Two-Factor toggle button to activate the Headless/Decoupled 2FA service.
Drupal Headless 2FA - Enable headless 2FA
  • Select the authentication method of from 2FA method dropdown.
Drupal Headless 2FA - Select 2FA Method
  • Select the Select phone number field from the dropdown. You can click the link in Note to check available fields on Drupal site.
  • Click on the Save Settings button.
Drupal Headless 2FA Enter Machine Name
  • Minimum requirement for integrating 2FA with Drupal :
    • Login page : Having Username and Password fields
    • OTP Page: Having OTP fields
Drupal Headless 2FA - Flow diagram
  • The first step is to authenticate users by sending Username and Password to /headless/authenticate endpoint (API) so they can authenticate against the Drupal database. Once the user is authenticated successfully, OTP will be sent to registered mobile/email (depending on the configuration).

API: POST {drupal-base-URL}/headless/authenticate.
What you will send:
{"username":"xxxxx","password":"xxxxx","apiKey":"xxxxx"}
If successful, you will receive back the following response:
{"username":"xxxxx","status":"SUCCESS","message":"xxxxx","transactionID":"xxxxx","authType":"xxxxx"}

  • With the following parameters:
    PARAMETER TYPE REQUIRED? DESCRIPTION
    username string required Entered by the user on the login form.
    password string required Entered by the user on the login form.
    apiKey string required Send the apiKey provided in the module.
  • The second step is to validate the user by sending OTP (One time passcode) to /headless/login endpoint (API).

API: POST {drupal-base-URL}/headless/login
What you will send:
{"username":"xxxxx","transactionID":"xxxxx","authType":"xxxxx","otp":"xxxxx","apiKey":"xxxxx"}
If successful, you will receive back the following response:
{"username":"xxxxx","status":"SUCCESS","message":"xxxxx","userprofile":"xxxxx"}

  • With the following parameters:
    PARAMETER TYPE REQUIRED? DESCRIPTION
    username string required You will get this in response to the first API call.
    transactionID string required You will get this in response to the first API call.
    authType string required You will get this in response to the first API call.
    otp string required You will get this in response to the first API call.
    apiKey string required Send the apiKey provided in the module.
    ERROR CODE DESCRIPTION
    400 Authentication Failed API Authentication Failed
    404 Not Found Headless 2FA setting is not enabled. Please enable the same under the Headless 2FA Setup tab of the module.
    401 Unauthorized User has entered invalid credentials (username/password)
    403 Forbidden User has entered the incorrect OTP (One time passcode)
    500 Internal Server Error You will get 500 Internal Server Error due to various reasons, please check Drupal logs for more details.

Explore the advanced features offered by the module with full-featured trial. You can initiate the trial request using Request 7-day trial button under Register/Login tab of the module or reach out to us at drupalsupport@xecurify.com for one-on-one assistance from Drupal expert.

24x7 Support

24/7 Support

The Drupal developers at miniOrange offer quick and active support for your queries. We can assist you from choosing the best solution for your use case to deploying and maintaining the solution.

 Contact us
Case Study

Case Studies

miniOrange has successfully catered to the use cases of 400+ trusted customers with its highly flexible/customizable Drupal solutions.

 Read more
Other Solutions

Other Solutions

Feel free to explore other Drupal solutions that we offer the popular solutions used by our trusted customers include SSO, User Provisioning, Website Security.

 Know More
ADFS_sso ×
Hello there!

Need Help? We are right here!

support