Magento 2.1.x Notice: Magento 2.1.18 is the final 2.1.x release. After June 2019, Magento 2.1.x will no longer receive security patches, quality fixes, or documentation updates. To maintain your site's performance, security, and PCIPayment Card Industry: Refers to debit and credit cards and their associated businesses. compliance, upgrade to the latest version of Magento. The Magento User Guide 2.1.x remains available in PDF for Open Source and Commerce.
When your store is first installed, your loginThe process of signing into an online account. credentials give you full administrative access. As a best practice, one of the first things you should do is to create another user account with full Administrator permissions. That way, you can use one account for your everyday Administrative activities, and reserve the other as a “Super AdminThe password-protected back office of your store where orders, catalog, content, and configurations are managed.” account in case you forget your regular credentials or they somehow become unusable.
If there are others on your team, or service providers who need access, you can create a separate user account for each, and assign restricted access. To limit the websites or stores that admin users can access when they log in, you must first create a role with limited scope and access to resources. Then, you can assign the role to a specific user account. Admin users who are assigned to a restricted role can see and change data only for websites or stores that are associated with the role. They cannot make changes to any global settings or data.
|1.||On the Admin sidebar tap System. Then under Permissions, choose All Users.|
|2.||In the upper-right corner, tap Add New User.|
|3.||In the Account Information section, do the following:|
|a.||Enter the User Name for account.|
The User Name should be easy to remember. It is not case-sensitive. For example, if your user name is “John,” you can also log in as “john.”
|b.||Complete the following information:|
- First Name
- Last Name
- Email address
This email address must be different from the one that is associated with your original Admin account.
|c.||Assign a Password to the account.|
An Admin password must be seven or more characters long, and include both letters and numbers.
|d.||In the Password Confirmation box, repeat the password to make sure it was entered correctly.|
|e.||If your store has multiple languages, set Interface Locale to the language to be used for the Admin interface.|
|4.||Set This Account is to “Active.”|
|5.||Under Current User Identity Verification, enter Your Password.|
With one or more authenticators enabled for the Magento Admin, you can require one or more authenticators per Admin user account. For this option, keep the Use system value checkbox checked for Force providers and enable/configure supported authenticator providers.
We recommend only enabling one authenticator per account. Users must authenticate using every authenticator you select for their account. For example, if you select Google and U2F, the user must access with a Google Authenticator code and connect a U2F device.
|1.||In the panel on the left, choose 2FA.|
|2.||For Providers selected, select one or more authenticators.|
|3.||Tap Save User.|
If you have issues with authenticators, see Magento Two-Step Authentication for troubleshooting and additional management tools.
Admin Password Requirements
An Admin password must be seven or more characters long, and include both letters and numbers. For additional password options, see: Configuring Admin Security.