Magento Open Source 2.2.x

This is the 2.3 Beta release version of Magento documentation. Content in this version is subject to change. For additional versions, see Magento Documentation and Resources

Installing Two-Factor Authentication

The Magento AdminThe password-protected back office of your store where orders, catalog, content, and configurations are managed. provides all access to your store, orders, and customer data. To further increase security to your Magento instance, add Magento Two-Factor Authentication (2FA), v3.0.0. Installing and enabling this module adds two-step authentication for all users attempting to access the Admin for all devices. All features and requirements are restricted to Admin user accounts, not extended to customer accounts.

At this time, Two-Factor Authentication can be installed only from the command line.

Two-Factor Authentication gives you the ability to:

  • Enable authenticator support for the Admin.
  • Manage and configure authenticator settings globally or per user account.
  • Reset authenticators and manage trusted devices for users.
  • Magento Community Contribution

    Magento thanks Riccardo Tempesta of MageSpecialist for contributing these features as part of the Magento Community Engineering program.

    MageSpecialist is a Magento Professional Solution Partner and Magento 2 Trained Partner. It is a dynamic and result-oriented web agency and software house, dedicated to the development of robust, reliable and scalable e-commerce solutions based on Magento and other open-source software. The agency specializes in complex software integration, high-performance hosting, and the management of mission critical projects.

Supported Authenticators

Provider

Authentication Type

Google Authenticator

Generate and enter code from mobile app

Requirements: Enable in Admin

Authy

SMS, call, token, and one touch

Requirements: Enable and API keys

U2F keys

Physical device to authenticate, YubiKey and other models supported.

Requirements: Enable in Admin

Duo Security

SMS and push notification.

Requirements: Enable, Integration and Secret keys, API hostname