Step by Step Guide for Setup Magento Two-factor Authentication (2FA) (OTP over SMS)
Setup OTP over SMS 2FA method with Magento extension. This guide will help you to configure OTP over SMS as Two Factor Authentication ( 2FA ) method for your Magento site. The Magento 2FA extension will add a second layer of authentication to your Magento account to increase the security of your site from unwanted hacks and unauthorized login attempts.
Click here to know more about other features we provide in Magento 2 Factor Authentication extension
What is Two Factor Authentication ?
Two Factor Authentication 2FA for Magento extension is highly secure & easy to set up for your Magento site. Rather than relying on a password alone, which can be phished or guessed. miniOrange adds a second layer of security to your Magento accounts. It protects your site from hacks and unauthorized login attempts.
How does Two-Factor authentication (2FA) work ?
- Firstly, the user navigates to the login page of the application or a website. For instance www.example.com/login.
- User enters a username and password. User’s login credentials are checked by their respective server. This is the first factor of authentication.
- The site then prompts the user with the 2nd step authentication E.g Pop up asking for OTP sent over SMS /Email.
- When the user enters the second factor like OTP or Push notification it is checked against the database system if the second factor is correct.
- After successfully completing the 2nd factor authentication user is granted access to the application or a website.
Pre-requisites : Download And Installation
Installation using Composer:
- Purchase the miniOrange Two Factor Authentication extension from magento marketplace.
- On the marketplace dashboard select My profile > My purchases and note the module_name & version.
- Then again go to My Profile > Access Keys in the marketplace dashboard and note the access keys. (If you do not have an access key, simply click the "Create A New Access Key" button to generate one).
- Use the below command in command prompt to add the extension to your project.
"composer require miniorange_inc/miniorange-2fa"
- Use Public key as username and private key as password for verification which you will get from access keys.
- Run the following commands on command prompt to enable the extension.
php bin/magento setup:di:compile
php bin/magento setup:upgrade
Manual Installation:
- Download miniOrange Two Factor Authentication Free plugin zip from here.
- Unzip all contents of the zip inside the MiniOrange/Two_FA directory.
{Root Directory of Magento} app code MiniOrange Two_FA
1. php bin/magento setup:di:compile
2. php bin/magento setup:upgrade
Setup OTP over SMS 2FA method
- Register/Login with miniOrange.
- Go to the Two Factor Settings tab to enable 2fa during Sign in.
- Click on the Enable Two Factor Authentication for Admin to setup Two Factor for Admin's.
- You can choose specific methods for different roles from the dropdown.
- Select OTP Over SMS method and click on the Save button.
- When you log in the first time, you will be asked to set up two-factor authentication. Let’s see how it works.
- Enter your Admin account credentials.
- Enter your mobile number to receive OTP on SMS then click on the Save button.
- Enter received OTP to the text box and click on the Validate button.
- You successfully log in to your Admin account.
Note: Note down backdoor URL in case you get locked out. Backdoor URL creates a backdoor to login to your magento website.
- Go to the Two Factor Settings tab to enable 2fa during customer registration.
- In the Sign in options for the customer section Enable Two Factor Authentication for Customer to setup Two Factor for customer's.
- You can select different 2FA methods for different roles or groups of customers.
- Then in the ‘ALLOW SPECIFIC 2FA METHODS TO CONFIGURE IN INLINE REGISTRATION’ section OTP Over SMS method for your customers then click on the save button.
- When you log in the first time, you will be asked to set up two-factor authentication. Let’s see how it works.
- Enter your customer account details.
- Enter your mobile number to receive OTP on SMS then click on the Send OTP button.
- Enter received OTP and click on the Verify & Next button.
- You successfully log in to your customer account.
Custom Gateway
- You can setup Your own Custom Gateway in the Custom Gateway Tab.
A. Custom gateway SMTP configuration
1. In the first section add your SMTP details.
2. In the second section add your Email details.
3. In the third section test your Email configuration.
Note: Please refer below screenshot
- We do support following Gateway method:
B. Custom gateway SMS configuration
1. Twilio
2. Get Method
3. Post Method
Note: Please refer below screenshot
Your choice of Second factor
miniOrange 2-factor extension is extendable to use any of the following 2FA methods. If you want to have any other 2-factor for your Magento site,
Contact Us.
- One time passcodes (OTP) over SMS
- OTP over Email
- OTP over SMS and Email
- Phone Verification (OTP Over Call)
- Out of Band SMS
- Out of Band Email
- Soft Token (similar to Google)
- Push Notification
- USB based Hardware token (yubico)
- Security Questions (KBA)
- Mobile Authentication (QR Code authentication)
- Voice Authentication (Biometrics)
Why Our Customers choose miniOrange Magento Single Sign-On (SSO) Solutions?
24/7 Support
We offer 24/7 support for all Magento solutions. We ensure high quality support to meet your needs.
Sign UpCustomer Reviews
See for yourself what satisfied customers have to say about our reliable Magento solutions.
ReviewsExtensive Setup Guides
Easy and precise step-by-step instructions and videos to help you configure within minutes.
Watch DemoWe offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Provisioning, and much more. Please contact us at
+1 978 658 9387 (US) | +91 97178 45846 (India) magentosupport@xecurify.com
Need Help? We are right here!
