User Tools

Site Tools



For more details see how the Two-Factor Authentication for Magento 2 extension works.

Ultimate Guide for Magento 2 Two-Factor Authentication

Protect your Magento e-business with simple and efficient Two-Factor Authentication extension for Magento 2. Make sure your account is available to verified users only.

  • Apply 2-step verification
  • Provide full protection from spyware
  • Include the necessary IP addresses in the white list
  • Configure flexible settings for each user role
  • Set your device as the key to the account
See how Two-Factor Authentification protects your backend and how to configure it:

General Settings

To configure the extension, go to Admin panel → System → Configuration → Two-Factor Authentication.

Enable Two-Factor Authentication - Set to Yes to enable two-factor authentication extension on your Magento account.

Note, that this will activate the request for additional security code next time you log in.

Discrepancy — modify the allowed time drift in 30 second units (e.g. 8 means 4 minutes before or after) for verification codes generation.

You can modify the interval for verification codes generation when a user faces an error.

IP White List - In this field, you can include reliable IP addresses. Users, who log in from these IP addresses will not be required for verification code (e.g. your staff members). You can add multiple IPs, separating them with coma.

User Roles

Go to System → Permissions → Users to set admins' permissions.

Edit any existing role by clicking it or create a new one using Add New User button.

Open the Two-Factor Settings tab to configure and synchronize the extension with the Google authentication app. The application generates additional security codes.

Enable TFA - Open your Google Authenticator application and register the login by scanning the QR Code or entering the Secret Key.

Status - the default status is Not Configured. It will be switched to Configured, once you enter a Secret Key or scan the QR code.

Secret Key - Insert the Secret Key into Google Authenticator app to generate additional Security Code.

QR code - Scan QR code to receive the Secret Key and insert it into Google Authenticator app to generate additional Security Code.

Security code - Insert your received Security Code and click Check code to verify it. Verify - If Security Code is correct, then Check code link will be changed to Verified.

Once your Google Authenticator application is properly configured and synchronized, it will show a onetime passcode that changes every 30 seconds.
Press Save User button. The user will now be required to enter one-time security code when logging in admin panel.


When the verification returns the Invalid value, you can fix this by modifying the Discrepancy value in the extension general settings.

Try increasing the value by 1, save changes, and try the verification procedure once again. If you'll face the Invalid value again, please, try to increase a discrepancy one more time.

Testing two-factor authentication

To test, whether the extension was successfully synchronized with Google Authenticator App and well configured, log out from your current session and try to log in to the account you have configured.

This is how Google Authenticator App generates the security code.

Find out how to install the Two-Factor Authentication extension for Magento 2 via Composer.
Rate the user guide
 stars  from 5 votes (Details)
magento_2/two-step_authentication.txt · Last modified: 2020/11/30 12:45 by tihomirova