Magento Commerce, 2.2.x

Magento 2.2.x Notice: As outlined by the Magento Software Lifecycle Policy, Magento 2.2.x has reached the End-of-Support and will no longer receive quality fixes or documentation updates. To maintain your site's performance, security, and PCIPayment Card Industry: Refers to debit and credit cards and their associated businesses. compliance, upgrade to the latest version of Magento.

The online Magento 2.2.x User Guide is scheduled for removal, but will remain available in PDF for Open Source, Commerce, and Commerce for B2B.

Managing Two-Factor Authentication

If a user has issues accessing the Magento AdminThe password-protected back office of your store where orders, catalog, content, and configurations are managed. with their authenticator, they can attempt to sync or troubleshoot their authenticator. You can also reset the authenticator associated with the account. When reset, the user must reconnect and add the authenticator again when they next access the Admin.

If you have issues accessing the Magento Admin with the authenticators, consider the following:

  • Some mobile apps include options to sync. This option reconnects the app and server, updating in case time settings changed on the device or server.
  • Revoking a device or resetting an authenticator can help users connect.
  • Clearing web cache and cookies for the Magento instance can also help. Authenticators, like Google, use generated cookies to save access and duration. Clear your cookies for your specific browser and Magento instance domainThe address of a website on the web; what the customer types in their browser address bar to access the store..
  • If you have blocked cookies for your browser, this will block some authenticators, like Google, from completing verification and access. Add a rule to allow cookies for your Magento instance.
Emergency CLI Commands

Use the following commands if you lose access to the Admin.

Advanced Emergency Steps

Do not attempt modifying any database information without full understanding of modifications and database management. This is an advanced procedure.

In your database, you can modify the following tables and values to affect and override 2FA. We advise caution when making any changes directly to your database.

  • Table: core_config_data

    Set to zero to disable 2FA globally.


    Delete this entry to remove forced providers option.

  • Table: msp_tfa_user_config
    Delete one user row to reset the user's 2FA preference and configuration.