Search Results :


Joomla Two Factor Authentication
2FA / MFA Plugin

Joomla Two Factor Authentication - TFA / Multi Factor Authentication - MFA plugin raises the level of security for your Joomla website. The likelihood that an attacker can impersonate a user is reduced via MFA. Our miniOrange Joomla Two Factor Authentication plugin is incredibly safe and simple to set up. The plugin offers over 15 different two factor authentication methods accessible for logging into Joomla, including Google Authenticator, TOTP, OTP over SMS, OTP over email, Push Notifications, OTP over Telegram / WhatsApp and more.

Contact us at and we'll help you set up TFA with your Joomla site in no time.

Two-Factor Authentication Plugin for Joomla

Joomla Two Factor Authentication: What Is It?

Joomla Two Factor Authentication (TFA/MFA) is a security feature that requires users to provide further proof of identity when accessing a Joomla website. The first factor is typically a password (something only the user knows), and the second factor authentication can be a unique code sent via text, or a time-based code on an authentication app (something only the user has).

If you want to learn more about our user-friendly features, you can find video links below.

Why is miniOrange Joomla Two Factor Authentication required?

miniOrange Joomla Two Factor Authentication plugin supports specific-role TFA, Domain-based TFA, IP whitelisting, custom branding and offers a wide array of verification methods (including QR, SMS, phone calls, push notifications, Security Questions (KBA) and Backup Codes). Additionally, we provide the ability for Passwordless Login, which may be used in conjunction with any configurable OTP methods. You should prefer our plugin if you wish to go for advanced security instead.

Why Two-Factor Authentication is needed?

Key Features

Role Based TFA

You can enable Two Factor Authentication TFA / MFA for specific user roles. TFA will be invoked only for the users which fall under the roles you save.

Domain Based TFA

You can enable the Second Factor Authentication - TFA / MFA for specific domains. TFA will be invoked if the users belong to the configured domain.

Whitelist IPs

You can provide a list of trusted IP addresses and MFA will not be invoked for those IPs

Passwordless Login

Provides passwordless authentication during login, which requires users to enter only their username and one-time password (OTP). Therefore, a password is not necessary.

Remember my Device

With this feature you can choose to save your frequently used devices which would eliminate the need to verify your identity while using the same browser.

Secure Two Factor Authentication

This feature provides Multi Factor Authentication - TFA / MFA during login via a range of methods, including text messages, hardware tokens, and many other options.

Back-Up Methods

Our MFA plugin offers various backup methods for you to log into your account in case you have lost your phone or you are logged out of your account.

Features Free Premium On Premise
All Authentication Methods
Remember My Device
Login with phone number
2FA on profile update
Passwordless login
Enforce 2FA registration for users
Supports all the languages
Backup security questions (KBA)
Add your own security questions
Customize number of KBA to be asked while login
Backup codes
Change app name in Google authenticator app
Custom Email Templates
Custom SMS Templates
Custom OTP length and validity
Backdoor URL (incase you get locked out)
Enable Role based TFA
IP specific TFA (Whitelisting IP Address)
Select TFA methods to be configured by end users
TFA over Password Reset
24/7 Support

Login Form Integrations

The majority of the Joomla login forms are supported by us. Our Joomla TFA/MFA plugin is tested with nearly all of the forms mentioned above and more.

If there is any custom login form where Two Factor is not initiated for you, please reach out to us by dropping a query at

Frequently Asked Questions

How do i manage my trusted devices?
If I enable the 'Change TFA method for users' feature then how will it work?
What happens if I lose my phone?
How can I see which users have 2FA enabled in my organization?
How the passwordless login works with TFA enabled?
I want to enable only one authentication method for my users. What should I do?
Can I choose to enforce TFA only for End Users or Admins. How can I do it?
Is there any option with which users have the option to skip the TFA setup?
Can admin reset TFA for a particular user?
If I originally set up TFA with one email address but have since changed my email, where will I receive the verification code: on my old email or the new one?
I am facing issue in scanning QR code, what is the reason behind the error?
My Users are not being prompted for 2-factor during login. Why?
I want to create my own Security Questions, how do I do that?
I want to customized UI of Login Pop up’s, how I do that?
I want to reset Two Factor for my users, how I do that?

Why Choose miniOrange?

24/7 Customer Support

We are 24/7 available for your query resolutions, on email and phone support. Just one click away.

Strong Domain Expertise

miniOrange is a domain expert in IAM products such as SSO, 2FA/MFA, and custom enterprise solutions.

Custom Development

We offer custom plugins (extensions) that are developed and tailored to your needs.

Extensive Setup Guides

Easy and precise step-by-step instructions by videos to help you configure within minutes.

Knowledge Base

Our Policies

Does miniOrange store any user data?

miniOrange only stores your Email and Phone number on our servers. Your personal data is protected and not shared with anyone. miniOrange does not store or transfer any other data out of your systems.

Does miniOrange offer technical support?

Yes, we provide 24*7 support for all and any issues you might face while using the plugin, which includes technical support from our developers. You can get prioritized support based on the Support Plan you have opted for. You can check out the different Support Plans here.

What is our refund policy?

At miniOrange, we want to ensure you are 100% happy with your purchase. If the licensed plugin you purchased is not working as advertised and you've attempted to resolve any feature issues with our support team but couldn't get them resolved, we will refund the amount paid for the plugin. Please note that we will not refund any fees paid for support plans, support hours, or customization charges.

Note that this policy does not cover the following, any change in mind or change in requirements after purchase or Infrastructure issues that do not allow the functionality to work.

Hello there!

Need Help? We are right here!

Contact miniOrange Support

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to