Joomla Multi-Factor Authentication (MFA)

Validate your users with our powerful Joomla MFA/Two-Factor Authentication (TFA) plugin. It protects user accounts from unauthorized access and ensures secure email/phone verification during registration

Download Pricing Plan

Demo Trial

Documentation

Our Trusted Customers

How to setup MFA in Joomla?

Step 01

Install Joomla 2FA Extension

Install the extension then click on 'Get Started' to go to the Joomla Two-Factor Authentication extension dashboard.

Step 02

Configure MFA

Enforce 2FA for users which will invoke second-factor authentication for any user during login.

Step 03

Advanced Settings

Configure 2FA based on the user's role/group, domain, and IP address easily using the advance settings tab in our MFA plugin.

Key Features of our Joomla MFA Extension

Discover the features that make your Joomla experience simple and secure.

Post-Registration MFA

Prevent Spam Registration

Passwordless Login

Role/Domain Based MFA

MFA at Password Reset

Password Age/Length-Based MFA

Remember My Device

Back-Up Methods

Post-Registration MFA

After user registration on Joomla site, they are directed to a page to complete the inline registration. So, every time a user tries to login to the Joomla site, MFA is initiated.

Why Choose Our Multi-Factor Authentication Extension?

Compliance Ready

Stay compliant with data protection and cybersecurity standards. Whether you're managing an e-commerce site or a government portal, enabling 2FA helps meet regulatory requirements like GDPR and HIPAA by enforcing secure user authentication.

Stronger Security

Add an extra layer of security to your Joomla login. Even if a password is compromised, MFA ensures that attackers can't gain access without the second factor, whether it's an OTP, email link, or authenticator app code.

Cost-Effective

Our Joomla 2FA plugin is designed to be affordable for businesses of all sizes. No need to pay for enterprise-level tools when you can get premium-grade features like OTP over email, TOTP, and backup codes at a fraction of the cost.

Beyond Native 2FA

While Joomla offers basic 2FA, it's limited in features and flexibility. With miniOrange, you get support for multiple authentication methods, can enforce 2FA for specific user roles or groups, and can customize the login experience.

Passwordless Login

Reduce user friction by allowing users to log in using just an OTP, no password needed. Passwordless login eliminates common risks like weak or reused passwords, making the authentication process both secure and user-friendly.

Instant Login Alerts

Sends an email notification after a user successfully completes Multi-Factor Authentication (MFA) and logs in. The email contains the authentication method used and the username.

OTP Verification with Custom Gateways Support

This feature allows you to easily implement OTP verification during the registration process for new users, using either email or SMS. By doing so, you can prevent fake accounts and enhance the security of your site while reducing the number of spam accounts. Additionally, you have the option to set up OTP verification using a custom gateway of your choice. Below is a list of some popular gateways that we support.

Joomla OTP Verification with Custom Gateways

Pricing Plans for Everyone

Transparent, Simple Pricing

Premium

One simple plan that has it all

$10

No. of Users:

Free trial available

On-Premise

No Cloud, No Compromise

$149

Per Instance

+ Transaction Charges

Get In Touch With Us

Features	Native 2FA	miniOrange 2FA
2FA at Login
MFA Recovery
Update MFA in Profile
Multi-Language Support
2FA Setup During Registration
Role-Based MFA Control
IP-Based MFA Block
MFA for Password Reset
Login Analytics
OTP for Forms (Email/SMS)
OTP Limit Control
Domain Access Restriction
Country/Code Restrictions
Alphanumeric OTP
Custom OTP Length/Expiry
Passwordless Login
Device Remembering for MFA
Backdoor URL
Custom Email/SMS Templates
Multi-Form Support
Custom OTP Gateway

All Authenticators and 2FA Methods are supported with each of our plan. License is linked to the instance of the Joomla site, so if you have a dev-staging-prod type of environment then you will require 3 licenses of the extension (with discounts applicable on pre-production environments). Contact us at joomlasupport@xecurify.com for bulk discounts.

Frequently Asked Questions

Does the miniOrange 2FA extension support Joomla 6?

Yes, the extension is fully compatible with Joomla 3, 4, 5, and 6. It is designed to integrate seamlessly with the latest Joomla versions and works out-of-the-box with all standard Joomla themes. This ensures that as you upgrade your CMS, your site’s security remains intact without any compatibility issues.

Which Two-Factor Authentication (2FA) methods are supported

The plugin supports a wide variety of MFA methods to suit different user needs, including:

Authenticator Apps: Google Authenticator, Microsoft Authenticator, Authy, etc.
OTP Services: One-Time Passwords sent via Email or SMS.
Passwordless Login: Secure login using just a username and a verified second factor.
Security Questions (KBA): Knowledge-based authentication for an added layer of verification.

Can I enforce MFA for specific user groups or roles in Joomla?

Absolutely. One of the advanced features of this extension is Role-Based MFA Control. This allows administrators to mandate two-factor authentication for high-privileged roles (like Super Users or Administrators) while keeping it optional for standard users. You can also restrict MFA based on specific domains or IP addresses.

How can I regain access to my Joomla account if I lose my 2FA device?

The extension provides multiple recovery options to prevent account lockout. You can use Backup Codes generated during the initial setup or a Backdoor URL (accessible only by administrators) to regain access. These backup methods ensure that legitimate users are never permanently locked out of their accounts.

Is there a "Remember My Device" feature to skip MFA on trusted browsers?

Yes, the Remember My Device feature allows users to perform multi-factor authentication once and skip it for a specified number of days on that same browser. This balances high security with a smooth user experience, reducing friction for frequent users while still protecting the login process from unauthorized devices.

Can I use my own SMS gateway for OTP verification?

Yes, the miniOrange Joomla 2FA plugin is highly flexible and supports Custom Gateway Integration. While it comes with built-in support for popular providers like Twilio, Amazon SNS, and ClickSend, you can also configure your own custom SMS or Email gateway to send OTPs to your users.

Want to Schedule a Demo?

Thank you for your response. We will get back to you soon.

Something went wrong. Please submit your query again