
    Two Factor Authentication for Magento 2

    Updated 11 March 2024

    Magento 2 Two Factor Authentication adds an extra layer of security to customer accounts by requiring a second verification step on the website.

    Magento 2 Two Factor Authentication is verified in two cases, i.e. the creation of a new account and the login of an existing customer.

    It is one of the most reliable ways to secure customer accounts.

    The Magento 2 Security extension also helps secure your website from various attacks and hacks.

    Go through the brief overview of the module –


    Features

    • At the time of registration, an Auth Code is sent to the mobile number entered; it is verified after the account has been created.
    • Admin can enable/disable the TwoFactorAuth module from the admin configuration.
    • Admin can enable/disable TwoFactorAuth verification of customers at the time of registration.
    • Customers have to verify the code to access their account.
    • The verification code expiry period can be changed by the admin.

    Install Extension from Webkul Store

    #1 Download Module

    Firstly, log in to the Webkul Store, go to My Account > My Purchased Products, verify, and then download and extract the contents of the zip folder on your system.

    #2 Upload Folder

    Once the module zip is extracted, follow the path src > app and copy the app folder into the Magento 2 root directory on the server, as shown below:

    installation

    #3 Run Commands

    After uploading the module folder, you need to run the following commands in the Magento 2 root directory:

    composer require twilio/sdk
    composer require sendgrid/sendgrid
    composer require pragmarx/google2fa
    composer require pragmarx/google2fa-qrcode
    php bin/magento setup:upgrade
    php bin/magento setup:di:compile
    php bin/magento setup:static-content:deploy
    php bin/magento indexer:reindex
    php bin/magento cache:flush

    After running the commands, flush the cache from the Magento admin panel by navigating to System > Cache Management, as shown below.

    Screenshot-12

    Install Extension from Magento Marketplace

    If you have purchased this extension from the Magento Marketplace then please follow the below process or visit this link.

    #1 Get Access Keys

    To get access keys, navigate to My Profile in the Magento Marketplace and then choose Access Keys in the My Products section.

    my-profile

    Go to Magento 2 and copy both Access Keys, the Public Key and the Private Key. These access keys will be needed in the next steps for authentication.

    copy-keys

    If access keys are not created earlier, click Create A New Access Key, enter any name and click OK.

    create-key-name

    #2 Update composer.json File

    To find the component name and version number, go to your Magento Marketplace account section, My Profile > My Purchases, and open this extension to view its details. Please note: the image below is an example; every extension has its own component name and version.

    know-component-name-version

    After that, navigate to your Magento project directory and update your composer.json file by running composer require in the following format:

    composer require <component-name>:<version>

    For example, to install version 5.0.0 of this extension you need to run the following command:

    composer require webkul/2fa:5.0.0

    #3 Enter Access Keys

    Now enter the Access Keys that you obtained in step #1 Get Access Keys. Wait for Composer to finish updating your project dependencies and make sure there are no errors.

    #4 Run Commands

    You need to run the following commands:

    composer require twilio/sdk
    composer require sendgrid/sendgrid
    composer require pragmarx/google2fa
    composer require pragmarx/google2fa-qrcode
    php bin/magento setup:upgrade
    php bin/magento setup:di:compile
    php bin/magento setup:static-content:deploy
    php bin/magento indexer:reindex
    php bin/magento cache:flush

    Multi-Lingual Support

    For multilingual support, the admin navigates to Store > Configuration > General > Locale Options and selects the locale, here English (the language into which the admin wants to translate the store content).

    Screenshot-1-4

    Admin Configuration

    Once the Two Factor Authentication for Magento 2 (Adobe Commerce) module is installed completely, the admin manages the feature from the backend by navigating to Stores > Configuration > TwoFactorAuth.

    Screenshot-from-2023-09-18-11-29-28

    Admin Enable/Disable

    In the configuration settings, the admin can enable and disable TwoFactorAuth.

    Screenshot-3-2
    • Enable Module on Frontend: the admin enables or disables the module (Yes/No).
    • Need Auth Validation On Customer Registration: whether a new customer must be validated at registration (Yes/No).
    • Auth Code Expiry: the OTP validity period, between 60 and 300 seconds.
    • Send OTP Via: Mobile, Email, Sending Email Link, Push Notification, TOTP/Authenticator, Backup Code.

    Twilio Auth

    “Twilio” is a communications platform for sending and receiving text messages through its web service APIs.

    The admin can sign up for the Twilio services: visit Twilio and click the Sign up button.

    Twilio sign up

    Now, from the Twilio account, the admin can copy the information required in the admin configuration.

    Settings

    Front End Workflow

    Send OTP Via Mobile

    When a new account is created by the customer, an OTP is sent to the customer’s mobile number and the customer has to go through the two-step verification, as shown in the image below.

    TwoFactor-Auth-V

    Enter the OTP sent to the registered mobile number. After verification, the new customer’s account is verified successfully, as shown in the image below.

    Account-verification

    Existing Customer

    TwoFactorAuth also applies to existing customers. Whenever an existing customer logs in, they receive an OTP; after entering it and being verified, they can use their account.

    Existing-Customer-otp

    Thus, the customer receives the OTP (SMS) on the mobile, as shown in the image below.

    OTP (One Time Password)_mobile-otp

    Send OTP Via Email

    Admin End

    The admin needs a SendGrid account to obtain the SendGrid API Key. Follow the steps below to create the account on SendGrid:

    Screenshot-16-1

    Create your account: enter the email and password and click Create account.

    Screenshot-17

    Once the admin has created the account, he will be redirected to the SendGrid Dashboard.

    Screenshot-6-3

    On the Dashboard, go to the Email API option on the left side and click Integration Guide; the page shown below appears. Click Choose in the Web API box.

    Screenshot-7-2

    Next, choose the language you want to use.

    Screenshot-8-3

    On the page shown below, the admin needs to create the API key: enter the API Key name and click Create Key.

    Screenshot-10-1

    After clicking on the Create Key, the admin will get the API Key.

    Screenshot-11-2

    On the configuration page, enter the API Key and the email ID with which the admin created the SendGrid account, as shown in the snapshot below:

    Screenshot-20-

    Customer End

    The customer will enter the email ID and password on the login page.

    Screenshot-18-1-2

    After entering the credentials the customer will receive the OTP in the mail, as shown below in the snapshot:

    unnamed-file

    By entering the OTP, the customer can log in to the account.

    Send OTP Via Email Link

    The admin needs a SendGrid account for the SendGrid API Key; follow the same steps described in the previous topic.

    The customer will enter the email ID and password on the login page.

    Screenshot-18-1-1

    Once the credentials are entered, the customer receives a link, as shown in the snapshot below.

    screenshot_from_2023_09_11_17_06_20-1-

    By clicking on the link the customer can log in.

    Send OTP Via Push Notification

    Admin End

    The admin needs to create an account on Firebase. Please click here and create a new project with your Google account.

    1. After opening the Firebase page, create a project by clicking the Add project button.

    Firebase-console

    2. Then, create a new project, enter the name of the project, and click continue.

    step1-create-project

    The next step asks you to set up Google Analytics. Let’s go ahead and set it up.

    step2

    (Optional) Enable Google Analytics for your project, then follow the prompts to select or create a Google Analytics account. If you don’t want Google Analytics, disable the toggle, or click “Continue” and you will be taken to the project home page.

    Choose or create new Google Analytics, and click “Create a new Account”.

    update-step-3

    Next, select your Google Analytics location (the United States by default) and read and configure the sharing settings. Finally, accept the Google Analytics Terms of Use and create the project. The process only takes a few seconds. When finished, click “Continue” and you will be taken to the project home page.

    image-2

    3. After creating your new project, click the Settings menu icon and then select Project Settings (see the screenshot below). A new Project Settings page opens.

    update

    4. On the Project Settings page, go to the Cloud Messaging tab, where you will find your project credentials. Copy and save your Server Key and Sender ID as shown in the snapshot below.

    updatefirebase2

    5. Navigating to Project Settings > General shows the other Firebase project credentials under Web apps. You need to enter these credentials in the admin configuration.

    firebase3

    After collecting all the credentials, the admin needs to enter them in the configuration as shown in the snapshot below:

    Screenshot-19

    Customer End

    The customer has to allow the Show notifications popup; only then will the customer receive push notifications.

    screenshot_from_2023_09_18_12_46_51-1

    Now the customer needs to enter the login credentials (email and password) on the login page.

    Screenshot-18-

    After allowing the Show notifications popup, the customer receives a push notification as shown in the snapshot below:

    screenshot_from_2023_09_07_13_12_28-1

    From the push notification, the customer will receive the one-time verification code and by entering that, the customer can log in.

    Send OTP Via TOTP/Authenticator

    If the admin selected Send OTP Via TOTP/Authenticator on the configuration page, the customer verifies the account by scanning a code. First, enter the credentials on the login page.

    Screenshot-18-1-3

    After entering the credentials, a popup appears containing a barcode, which the customer can scan using the Google Authenticator application.

    Screenshot-21-

    Once the customer scans the barcode, the app shows the OTP; by entering it, the customer can verify the account after login or registration.

    Screenshot_20230915_191950_Authenticator
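    The TOTP/Authenticator option relies on RFC 6238 time-based codes, the scheme that Google Authenticator and the pragmarx/google2fa package installed above implement. The following Python is an added example, not the extension's own code: it computes the code the app shows for a base32 secret, builds the otpauth URI that the scanned code encodes, and verifies a submitted code server-side with a small clock-drift window and replay rejection. The issuer and account names, and all function names, are assumptions.

```python
# Added example (not the extension's code): RFC 6238 TOTP as used by the
# "TOTP/Authenticator" option. Function names are hypothetical.
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

STEP = 30      # seconds per code, the authenticator-app default
DIGITS = 6

def b32_secret(raw: bytes) -> str:
    """Base32-encode a raw secret; this string is what the scanned code carries."""
    return base64.b32encode(raw).decode().rstrip("=")

def otpauth_uri(issuer: str, account: str, secret_b32: str) -> str:
    """otpauth:// URI encoded into the barcode the customer scans."""
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={secret_b32}&issuer={quote(issuer)}"
            f"&digits={DIGITS}&period={STEP}")

def totp(secret_b32: str, unix_time: int) -> str:
    """Compute the 6-digit code for the 30-second step containing unix_time."""
    pad = "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(secret_b32.upper() + pad)
    counter = struct.pack(">Q", unix_time // STEP)          # HOTP counter
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def verify_totp(secret_b32: str, submitted: str, unix_time: int,
                used_steps: set, window: int = 1) -> bool:
    """Server-side check: accept the current step plus `window` steps either
    side (clock drift), compare in constant time, and refuse any step whose
    code was already accepted so a captured code cannot be replayed."""
    now_step = unix_time // STEP
    for step in range(now_step - window, now_step + window + 1):
        if step in used_steps:
            continue
        if hmac.compare_digest(totp(secret_b32, step * STEP), submitted):
            used_steps.add(step)
            return True
    return False
```

    The test vectors in RFC 6238 (secret "12345678901234567890", SHA-1) give "287082" at time 59 and "005924" at time 1234567890, which is how a deployment can confirm its server clock and secret handling agree with the authenticator app.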

    Send OTP Via Backup Code

    If the admin selected Send OTP Via Backup Code in the configuration, then after creating or registering the account, the customer needs to click the Backup Code option on the left-hand side and then click Get backup codes.

    Screenshot-4-3

    After clicking Get backup codes, the customer receives the list of backup codes once the account has been verified.

    Screenshot-5-3

    The customer can save the backup codes; if the customer has no access to the auth code on the mobile phone or email, a backup code can be used to log in to the panel.

    Each code can be used only once: once a backup code has been used, it cannot be used again and is removed from the list.
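    To illustrate the single-use rule above, here is an added Python example (not the extension's code) of issuing backup codes, keeping only keyed hashes of them, and consuming a code exactly once. The in-memory store standing in for the customer record, the PEPPER value and the function names are assumptions.

```python
# Added example (not the extension's code): single-use backup codes.
# `store` is an in-memory dict standing in for the customer record.
import hashlib
import hmac
import secrets

CODE_COUNT = 8
CODE_BYTES = 5          # 40 bits of entropy -> 10 hex characters per code
# Server-side secret assumed to come from configuration; keyed hashing means a
# leaked database alone is not enough to brute-force the short codes.
PEPPER = secrets.token_bytes(32)

def hash_code(code: str) -> str:
    """Keyed hash of a normalised code; plaintext codes are never stored."""
    return hmac.new(PEPPER, code.encode(), hashlib.sha256).hexdigest()

def issue_backup_codes(store: dict, customer_id: str) -> list:
    """Generate fresh codes, keep only their hashes, return plaintexts once
    for display. Re-issuing replaces any earlier set."""
    codes = [secrets.token_hex(CODE_BYTES) for _ in range(CODE_COUNT)]
    store[customer_id] = {hash_code(c) for c in codes}
    return codes

def consume_backup_code(store: dict, customer_id: str, submitted: str) -> bool:
    """Accept a code only if its hash is still unused, then remove it so the
    same code cannot be used again."""
    remaining = store.get(customer_id, set())
    digest = hash_code(submitted.strip().lower())
    for stored in list(remaining):
        if hmac.compare_digest(stored, digest):
            remaining.discard(stored)
            return True
    return False

def codes_left(store: dict, customer_id: str) -> int:
    """How many unused codes the customer still has."""
    return len(store.get(customer_id, set()))
```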

    That’s all for the Two Factor Authentication for Magento 2 extension. If you face any issues, feel free to raise a ticket, and let us know your views on making the module better at https://webkul.uvdesk.com/

    Explore the Adobe Commerce Cloud development services by Webkul. You may also browse our quality Magento 2 extensions.

    Current Product Version - 5.0.1

    Supported Framework Version - 2.0.x, 2.1.x, 2.2.x,2.3.x, 2.4.x

    Blog Version - 2.0.x, 2.1.x, 2.2.x,2.3.x, 2.4.x
