Step by Step Guide for setting up Two Factor Authentication (2FA) for Magento
Step by Step Guide for setting up Two Factor Authentication (2FA) for Magento
Setup miniOrange Magento 2FA extension on your Magento website. This guide will help you to configure Two Factor Authentication ( 2FA ) method for your Admin and Customers Account. The Magento 2FA extension will add a second layer of authentication to your Magento account to increase the security of your site from unwanted hacks and unauthorized login attempts.
Click here to know more about other features we provide in Magento 2 Factor Authentication extensionPre-requisites : Download And Installation
Installation using Composer:
- Purchase the miniOrange Two Factor Authentication extension from magento marketplace.
- On the marketplace dashboard select My profile > My purchases and note the module_name & version.
- Then again go to My Profile > Access Keys in the marketplace dashboard and note the access keys. (If you do not have an access key, simply click the "Create A New Access Key" button to generate one).
- Use the below command in command prompt to add the extension to your project.
"composer require miniorange-2fa:{version}" - Use Public key as username and private key as password for verification which you will get from access keys.
- Run the following commands on command prompt to enable the extension.
php bin/magento setup:di:compile
php bin/magento setup:upgrade
Manual Installation:
- Download miniOrange Two Factor Authentication Free plugin zip from here.
- Unzip all contents of the zip inside the MiniOrange/Two_FA directory.
{Root Directory of Magento} app code MiniOrange Two_FA
1. php bin/magento setup:di:compile
2. php bin/magento setup:upgrade
Setup 2-Factor authentication extension
- OTP Over SMS
- OTP Over Email
- Google Authenticator
- Microsoft Authenticator
Setup OTP over SMS 2FA method with Magento extension. This guide will help you to configure OTP over SMS as Two Factor Authentication ( 2FA ) method for your Magento site. The Magento 2FA extension will add a second layer of authentication to your Magento account to increase the security of your site from unwanted hacks and unauthorized login attempts.
Click here to know more about other features we provide in Magento 2 Factor Authentication extension Setup OTP over SMS 2FA method
For Admin setup OTP over SMS 2FA method
- Register/Login with miniOrange.
- Go to the Two Factor Settings tab to enable 2fa during Sign in.
- Click on the Enable Two Factor Authentication for Admin to setup Two Factor for Admin's.
- You can choose specific methods for different roles from the dropdown.
- Select OTP Over SMS method and click on the Save button.
- When you log in the first time, you will be asked to set up two-factor authentication. Let’s see how it works.
- Enter your Admin account credentials.
- Enter your mobile number to receive OTP on SMS then click on the Save button.
- Enter received OTP to the text box and click on the Validate button.
- You successfully log in to your Admin account.
Note: Note down backdoor URL in case you get locked out. Backdoor URL creates a backdoor to login to your magento website.
For Customer setup OTP over SMS 2FA method
- Go to the Two Factor Settings tab to enable 2fa during customer registration.
- In the Sign in options for the customer section Enable Two Factor Authentication for Customer to setup Two Factor for customer's.
- You can select different 2FA methods for different roles or groups of customers.
- Then in the ‘ALLOW SPECIFIC 2FA METHODS TO CONFIGURE IN INLINE REGISTRATION’ section OTP Over SMS method for your customers then click on the save button.
- When you log in the first time, you will be asked to set up two-factor authentication. Let’s see how it works.
- Enter your customer account details.
- Enter your mobile number to receive OTP on SMS then click on the Send OTP button.
- Enter received OTP and click on the Verify & Next button.
- You successfully log in to your customer account.
Setup OTP over Email 2FA method with Magento plugin. This guide will help you to configure OTP over Email as Two Factor Authentication ( 2FA ) method for your Magento site. The Magento 2FA plugin will add a second layer of authentication to your Magento account to increase the security of your site from unwanted hacks and unauthorized login attempts.
Click here to know more about other features we provide in Magento 2 Factor Authentication plugin Setup OTP over Email 2FA method
For Admin setup OTP over Email 2FA method
- Register/Login with miniOrange.
- Go to the Two Factor Settings tab to enable 2fa during Sign in.
- Click on the Enable Two Factor Authentication for Admin to setup Two Factor for Admin's.
- You can choose specific methods for different roles from the dropdown.
- Select OTP Over Email method and click on the Save button.
- When you log in the first time, you will be asked to set up two-factor authentication. Let’s see how it works.
- Enter your Admin account credentials.
- Enter received OTP to the text box and click on the Validate button.
- You successfully log in to your Admin account.
Note: Note down backdoor URL in case you get locked out. Backdoor URL creates a backdoor to login to your magento website.
For Customer setup OTP over Email 2FA method
- Go to the Two Factor Settings tab to enable 2fa during customer registration.
- In the Sign in options for the customer section Enable Two Factor Authentication for Customer to setup Two Factor for customer's.
- You can select different 2FA methods for different roles or groups of customers.
- Then in the ‘ALLOW SPECIFIC 2FA METHODS TO CONFIGURE IN INLINE REGISTRATION’ section OTP Over SMS method for your customers then click on the save button.
- When you log in the first time, you will be asked to set up two-factor authentication. Let’s see how it works.
- Enter your customer account details.
- Enter received OTP and click on the Verify & Next button.
- You successfully log in to your customer account.
Magento Google Authenticator is a popular method for securing user accounts. To make user accounts more secure, let's set up the Magento Google authenticator method. In this guide, we will show you how to set up Magento Google Authenticator via our Magento Two Factor Authentication (2FA) plugin. By using Magento Two Factor Authentication (2FA), you can increase the security of your Magento account against unwanted hackers and unauthorized login attempts.
Google Authenticator is a popular 2FA app that generates a unique, time-based code that you enter along with your password to log in to your Magento account.
There are two easy ways to configure Magento Google Authenticator:
For more information about other features of our Magento Two Factor Authentication (2FA) plugin, click here.
Setup Google Authenticator 2FA method
For Admin setup Google Authenticator 2FA method
- Register/Login with miniOrange.
- Go to the Two Factor Settings tab to enable 2fa during Sign in.
- Click on the Enable Two Factor Authentication for Admin's to setup Two Factor for Admin's.
- You can choose specific methods for different roles from the dropdown.
- Select Google Authenticator method and click on the Save button.
- When you log in the first time, you will be asked to set up two-factor authentication. Let’s see how it works.
- Enter your Admin account credentials.
- Download Google Authenticator app from the app store and sign in to the app.
- Then scan the QR code and enter the six digit passcode from the app and click on the Submit button.
- You successfully log in to your Admin account.
Note: Note down backdoor URL in case you get locked out. Backdoor URL creates a backdoor to login to your magento website.
For Customer setup Google Authenticator 2FA method
- Go to the Two Factor Settings tab to enable 2fa during customer registration.
- In the Sign in options for the customer section Enable Two Factor Authentication for Customer to setup Two Factor for customer's.
- You can select different 2FA methods for different roles or groups of customers.
- Then in the ‘ALLOW SPECIFIC 2FA METHODS TO CONFIGURE IN INLINE REGISTRATION’ section select Google Authenticator method for your customers then click on the save button.
- When you log in the first time, you will be asked to set up two-factor authentication. Let’s see how it works.
- Enter your customer account details.
- Download Google Authenticator app from the app store and sign in to the app.
- Then scan the QR code and enter the six digit passcode from the app and click on the Submit button.
- You successfully log in to your customer account.
Setup Microsoft Authenticator 2FA method with Magento plugin. This guide will help you to configure Microsoft Authenticator as Two Factor Authentication ( 2FA ) method for your Magento site. The Magento 2FA plugin will add a second layer of authentication to your Magento account to increase the security of your site from unwanted hacks and unauthorized login attempts.
Click here to know more about other features we provide in Magento 2 Factor Authentication plugin Setup Microsoft Authenticator 2FA method
For Admin setup Microsoft Authenticator 2FA method
- Register/Login with miniOrange.
- Go to the Two Factor Settings tab to enable 2fa during Sign in.
- Click on the Enable Two Factor Authentication for Admin's to setup Two Factor for Admin's.
- You can choose specific methods for different roles from the dropdown.
- Select Microsoft Authenticator method and click on the Save button.
- When you log in the first time, you will be asked to set up two-factor authentication. Let’s see how it works.
- Enter your Admin account credentials.
- Download Microsoft Authenticator app from the app store and sign in to the app.
- Then scan the QR code and enter the six digit passcode from the app and click on the Submit button.
- You successfully log in to your Admin account.
Note: Note down backdoor URL in case you get locked out. Backdoor URL creates a backdoor to login to your magento website.
For Customer setup Microsoft Authenticator 2FA method
- Go to the Two Factor Settings tab to enable 2fa during customer registration.
- In the Sign in options for the customer section Enable Two Factor Authentication for Customer to setup Two Factor for customer's.
- You can select different 2FA methods for different roles or groups of customers.
- Then in the ‘ALLOW SPECIFIC 2FA METHODS TO CONFIGURE IN INLINE REGISTRATION’ section select Microsoft Authenticator method for your customers then click on the save button.
- When you log in the first time, you will be asked to set up two-factor authentication. Let’s see how it works.
- Enter your customer account details.
- Download Microsoft Authenticator app from the app store and sign in to the app.
- Then scan the QR code and enter the six digit passcode from the app and click on the Submit button.
- You successfully log in to your customer account.
Custom Gateway
- You can setup Your own Custom Gateway in the Custom Gateway Tab.
A. Custom gateway SMTP configuration
1. In the first section add your SMTP details.
2. In the second section add your Email details.
3. In the third section test your Email configuration.
Note: Please refer below screenshot
- We do support following Gateway method:
B. Custom gateway SMS configuration
1. Twilio
2. Get Method
3. Post Method
Note: Please refer below screenshot
User Management
- User Management Section Help Admin to Search details all backend and frontend user.
- Only those users who have successfully configured Two Factor Authentication can be searched in search bar , Otherwise it will show “User does not Exist” notification.
- You need to search backend user from their Username and Frontname users from their email/username.
Backup method
- In case user are lost phone/Email or Unable to getl notification or Failed in Authentication. In Emergency you can use following backup method for admin and customers.
- Admin can use backup method using backdoor url.
- You need to notedown backdoor url, Backdoor url is given in Sign in Setting tab.
- Enter backdoor URL in browser.
- Enter your Username and password.
- You have successfully logged into your Magento account.
- For the customers KBA method available as a backup method.
- Admin can enable and disable KBA method as backup for frontend users.
- Frontend users will be asked to enter KBA details during inline.
- Enable KBA method and enter question set:
- During inline registration it will ask to fill KBA questions:
- During login:
- Out of 3 any random 2 question will be asked for KBA question:
- You successfully log in to your customer account.
A. Admin Backup Method
B. Customer backup method
Your choice of Second factor
miniOrange 2-factor extension is extendable to use any of the following 2FA methods. If you want to have any other 2-factor for your Magento site,
Contact Us.
- One time passcodes (OTP) over SMS
- OTP over Email
- OTP over SMS and Email
- Phone Verification (OTP Over Call)
- Out of Band SMS
- Out of Band Email
- Soft Token (similar to Google)
- Push Notification
- USB based Hardware token (yubico)
- Security Questions (KBA)
- Mobile Authentication (QR Code authentication)
- Voice Authentication (Biometrics)
Why Our Customers choose miniOrange Magento Single Sign-On (SSO) Solutions?
24/7 Support
We offer 24/7 support for all Magento solutions. We ensure high quality support to meet your needs.
Sign UpCustomer Reviews
See for yourself what satisfied customers have to say about our reliable Magento solutions.
ReviewsExtensive Setup Guides
Easy and precise step-by-step instructions and videos to help you configure within minutes.
Watch DemoWe offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Provisioning, and much more. Please contact us at
+1 978 658 9387 (US) | +91 97178 45846 (India) magentosupport@xecurify.com
Need Help? We are right here!
