User Tools

Site Tools



For more details see the Two-Factor Authentication for Magento 2 extension page.

Two-Factor Authentication for Magento 2

Protect your Magento e-business with simple yet efficient 2-step verification extension. Make sure your account is available only to verified users.

General Settings

To configure the extension, go to Admin panel → System → Configuration → Two-Factor Authentication.

Enable Two-Factor Authentication - Set Yes to enable two-factor authentication extension on your Magento account.

Note, that this will activate the request for additional security code next time you log in.

Discrepancy — modify the allowed time drift in 30 second units (e.g. 8 means 4 minutes before or after) for verification codes generation.

You can modify the interval for verification codes generation when a user faces an error.

IP White List - In this field, you can include reliable IP addresses. Users, who log in from these IP addresses will not be required for verification code (e.g. your staff members). You can add multiple IPs, separating them with coma.

Configure the extension for a particular admin role


Go to System → Permissions → Users to set admins' permissions.

Add New User - Add new admin role and configure the authentication method.

Two-Factor Settings - On the left sidebar, open the tab to configure and synchronize the extension with the Google authentication app. The application generates additional security codes.

Customize Admin role

Enable TFA - Open your Google Authenticator application and register the login by scanning the QR Code or entering the Secret Key.

Status - the default status is Not Configured. It will be switched to Configured, once you enter a Secret Key or scan the QR code.

Secret Key - Insert the Secret Key into Google Authenticator app to generate additional Security Code.

QR code - Scan QR code to receive the Secret Key and insert it into Google Authenticator app to generate additional Security Code.

Security code - Insert your received Security Code and click Check code to verify it. Verify - If Security Code is correct, then Check code link will be changed to Verified.

Once your Google Authenticator application is properly configured and synchronized, it will show a onetime passcode that changes every 30 seconds.
Press Save User button. The user will now be required to enter one-time security code when logging in admin panel.


When the verification returns the Invalid value, you can fix this by modifying the Discrepancy value in the extension general settings.

Try increasing the value by 1, save changes, and try the verification procedure once again. If you'll face the Invalid value again, please, try to increase a discrepancy one more time.

Testing two-factor authentication

To test, whether the extension was successfully synchronized with Google Authenticator App and well configured, log out from your current session and try to log in to the account you have configured.

This is how Google Authenticator App generates the security code.

Find out how to install the Two-Factor Authentication extension for Magento 2 via Composer.

Rate the user guide
 stars  from 3 votes (Details)
magento_2/two-step_authentication.txt · Last modified: 2018/05/04 12:56 by milosh