Admin User Emails
|Forgot Password Email Template||Global||Identifies the email template that is used for the message that is sent when an Admin user(s) forget their passwords. Default template: Forgot Admin Password|
|Forgot and Reset Email Sender||Global||Identifies the store contact that appears as the sender of the Forgot Password email. Default sender: General Contact|
|User Notification Template||Global||Determines the email template that is used as the default for admin notifications.|
|Startup Page||Global||Determines the Admin landing page that appears after you log in.|
Admin Base URL
|Use Custom Admin URL||Global||Determines if a custom URL is used to access the Magento Admin. Options: Yes / No|
|Custom Admin URL||Global||Specifies a custom URL to access the Magento Admin. By default, the Admin URL is the same as the base URL.
Important: The Admin URL must be in the same Magento installation, and have the same document root as the storefront.
|Use Custom Admin Path||Global||Determines if a custom path is used to access the Magento Admin. The default path is
|Custom Admin Path||Global||Changes the name of the default Admin path to something hard to guess. Enter the custom path name in lowercase characters. For example:
|Admin Account Sharing||Global||Determines if an Admin user(s) can be logged in to the same account simultaneously from different devices. Options:
Yes - Allows multiple active sessions from the same Admin account.
No - Allows only one active session per Admin account.
|Password Reset Protection Type||Global||Determines the method that is used to manage password reset requests. Options:
By IP and Email - The password can be reset online after a response is received from the notification is sent to the email address associated with the Admin account.
By IP - The password can be reset online without additional confirmation.
By Email - The password can be reset only by responding by email to the notification that is sent to the email address associated with the Admin account.
None - The password can be reset only by the store administrator.
|Recovery Link Expiration Period (hours)||Global||Determines the number of hours a password recovery link remains valid.|
|Max Number of Password Reset Requests||Global||Determines the maximum number of password requests that can be submitted per hour.|
|Min Time Between Password Reset Requests||Global||Determines the minimum number of minutes between password reset requests.|
|Add Secret Key to URLs||Global||When enabled, appends a secret key to the Admin URL as a precaution against exploits. Options: Yes / No|
|Login Is Case Sensitive||Global||Determines if login credentials entered by a user must match the case of the ones stored. Options: Yes / No|
|Admin Session Lifetime (seconds)||Global||Determines the length of an Admin session in seconds.|
|Maximum Login Failures to Lockout Account||Global||Determines the number of times Admin users can try to log in before their accounts are locked. If the field is empty, no minimum is set. Default value: 6|
|Lockout Time (minutes)||Global||Determines the number of minutes an Admin account is locked before the user can try to log in again. Default value: 30|
|Password Lifetime (days)||Global||Determines the number of days before an Admin password expires. If the field is empty, no lifetime is set. Default value: 90|
|Password Change||Global||Determines if Admin users are required to change their passwords. Options:
Forced - Requires that Admin users change their passwords after the account is set up.
Recommended - Recommends that Admin users change their passwords after the account is set up.
|Enable Charts||Global||Determines if the dashboard includes a chart generated from current sales data. Options: Yes / No|
|Enable CAPTCHA in Admin||Website||Enables CAPTCHA for the Admin login. Options: Yes / No|
|Font||Website||Determines the font that is used to display the CAPTCHA. To add your own font, put the font file in the same directory as your Magento instance, and add the declaration to the config.xml file at
|Forms||Website||Determines the form(s) where CAPTCHA is used. Options: Admin Login / Admin Forgot Password|
|Displaying Mode||Website||Determines when the CAPTCHA appears. Options:
Always - CAPTCHA is always required to log in.
After number of attempts to login - Displays the Number of Unsuccessful Attempts to Login field. Enter the number of login attempts allowed. A value of 0 (zero) is similar to setting Displaying Mode to Always. This option does not cover the Forgot Password and Create User forms. If CAPTCHA is enabled and set to appear, it is always included on the form.
Note: To track the number of unsuccessful login attempts, each attempt to log in under one email address and from one IP-address is counted. The maximum number of login attempts allowed from the same IP-address is 1,000. This limitation applies only when CAPTCHA is enabled.
|Number of Unsuccessful Attempts to Login||Global||Determines the number of times a person can try to login before the account is locked. To track the number of unsuccessful attempts to log in, the system tracks the login attempts from one email address from a single IP-address. The maximum number of attempts allowed from the same IP address is 1,000. This limitation applies only if CAPTCHA is enabled.|
|CAPTCHA Timeout (minutes)||Website||Determines the lifetime of the current CAPTCHA. When the CAPTCHA expires, the user must reload the page.|
|Number of Symbols||Website||Determines the number of symbols that are used in the CAPTCHA. The maximum allowed value is 8. You can also specify a range, for example, 5-8.|
|Symbols Used in CAPTCHA||Website||Determines which symbols are used in the CAPTCHA. Only letters (a-z and A-Z) and numbers (0-9) are allowed. The default set of symbols suggested in the field excludes similar-looking symbols like i, l, or 1. Displaying these symbols in CAPTCHA decreases the chances that a user will recognize CAPTCHA correctly.|
|Case Sensitive||Website||Determines if the characters used in the CAPTCHA are case sensitive. Options: Yes / No|
Admin Actions Logging
|Enable Actions||Global||Enables action logging for each of the selected actions:
Admin My Account
Admin Permission Roles
Admin Permission Users
Admin Sign In
Catalog Price Rules
Catalog Product Tax Classes
Catalog Product Templates
Checkout Terms and Conditions
Customer Tax Classes
Gift Card Accounts
Gift Registry Entity
Gift Registry Type
Manage Currency Rates
Manage Customer Address Attributes
Manage Customer Attributes
Manage Dynamic Blocks
Manage Store Views
PayPal Settlement Reports
Reward Points Rates
Rule-Based Product Relations
Sales Credit Memos
Sales Order Status
Shopping Cart Management
|Enable Admin Usage Tracking||Global||When set to Yes, Magento anonymously tracks how administrators interact with the Admin to help improve the user experience. Starting with Magento Commerce 2.3.7, this also enables interactive In-Product Guidance, that provides help and tips on using the product from within the Admin UI. Content such as new feature announcements, walk-through guides, onboarding information, tool tips, and more will be available through this feature.|