Guide for Magento 2 Two Factor Authentication

Magento 2 Two Factor Authentication adds extra security features to the account. It provides two-factor authentication for the website.

Magento 2 Two Factor Authentication adds extra security features to the account. It provides two-factor authentication for the website.

Magento 2 Two Factor Authentication is verified in two cases i.e creation of a new account and login into the account of existing customers.

It is one of the most reliable processes for the security of account purposes.

Also, Magento 2 Security extension helps secure your website form various attacks and hacks.

Go through the brief overview of the module –

• At the time of registration, Auth Code will be sent to the mobile number entered. However, it will be verified after the account will be created.
• Admin can enable/disable the TwoFactorAuth module from the admin configuration.
• Admin can enable/disable TwoFactorAuth verification of the customers at the time of registration.
• Customers have to verify to access the account.
• The admin generates backup codes for customers and notifies customers through mail.
• The verification code expiration time period can be changed by the admin.

#1 Download Module

Firstly, you need to log in to Webkul Store, go to My Account>My Purchased Products section, verify and then download and extract the contents of this zip folder on the system.

#2 Upload Folder

Once the module zip is extracted, follow path src>app and then copy the app folder into the Magento 2 root directory on the server as shown below:

#3 Run Commands

After uploading the module folder, you need to run the following commands in the Magento 2 root directory:

composer require twilio/sdk

composer require sendgrid/sendgrid

composer require pragmarx/google2fa

composer require pragmarx/google2fa-qrcode

php bin/magento setup:upgrade

php bin/magento setup:di:compileAfter clicking on Get backup codes the customer will receive the list of the Backup codes, once the account has been verified.

php bin/magento setup:static-content:deploy

php bin/magento indexer:reindex

php bin/magento cache:flush

After running the commands, you have to flush the cache from the Magento admin panel. By navigating through System > Cache management as shown below.

Install Extension from Magento Marketplace

If you have purchased this extension from the Magento Marketplace then please follow the below process or visit this link.

#1 Get Access Keys

You need to get access keys, navigate to My Profile in Magento Marketplace, and then choose Access Keys in the My Products section.

Go to Magento 2 and then you need to copy both the Access Keys – Public Key and Private Key. These access keys will be needed in the next steps for authentication.

If access keys are not created earlier, click Create A New Access Key, enter any name and click OK.

#2 Update composer.json File

To know the component name and version number, go to your Magento Marketplace account section, My Profile>My Purchases, then find this extension to view the details. Please note – Below is an example image, every extension will have its unique component name and version.

After that, navigate to your Magento project directory and update your composer.json file in the following format.

composer require <component-name>:<version>

For example, to install version 5.0.0 of this extension you need to run the following command:

composer require webkul/2fa:5.0.0

#3 Enter Access Keys

Now you will need to enter the Access Keys that you obtained as explained in the first step #1 Get Access Keys. Wait for Composer to finish updating your project dependencies and make sure there aren’t any errors.

#4 Run Commands

You need to run the following commands:

composer require twilio/sdk

composer require sendgrid/sendgrid

composer require pragmarx/google2fa

composer require pragmarx/google2fa-qrcode

php bin/magento setup:upgrade

php bin/magento setup:di:compile

php bin/magento setup:static-content:deploy

php bin/magento indexer:reindex

php bin/magento cache:flush

For multilingual support, the admin will navigate through Store > Configuration > General > Locale Options. Now select the locale as English (the language into which the admin wants to translate his store content).

Once the module of Two Factor Authentication for Magento 2 (Adobe Commerce) is installed completely. Now the admin will manage the feature from the backend by navigating to Stores > Configuration > TwoFactorAuth.

In configuration settings, the admin can enable and disable the twofactAuth.

• Enable Module on Frontend:- Admin can enable and disable the module by YES/No
• Need Auth Validation On New Customer Registration:- Set YES/NO to auth validations for a new customer.
• Need Auth Validation On Registered Customers:- Set YES/No to auth validations during login for the existing Customer.
• Enable Login Using Backup Code:- Set the backup codes to yes/no.
• Auth Code Expiry:- OTP duration is between 60 to 300 sec.
• Send OTP Via:- Mobile, Email, Sending Email Link, Push Notification, TOTP/Authenticator.

Twilio Auth

“Twilio” is a communications platform for sending and receiving text messages using its web service APIs.

The admin can signup for the Twilio services and register to the Twilio. To register, the admin can visit Twilio then click on the signup button. 

Now, from the Twilio account, the admin can access the information required in the admin dashboard. 

In the module configuration, the admin set Send OTP Via to Mobile.

• Auth ID:- Enters the Auth ID
• Token:- Enters the Token
• Message:- Enters the customized msg sent to the user.
• Sender Number:- Enters the senders’ Number.

At the time, when a new account is created by the customer. The user will enter their details.

The OTP will be sent to the customer’s mobile number.

Now customers have to go through the two-step verification.

Enter the OTP  sent on the registered mobile number. After verifying the OTP, the account is created successfully.

Existing Customer

TwoFactAuth is applicable for the existing customer. Every time when the customer does the login. He will receive the OTP.

Customer enters their login credentials. Then click on Sign In.

After entering the OTP they can use their account after verification.

Thus, the customer receives the OTP (SMS) on the mobile, as shown in the image below.

Enter the OTP  sent on the registered mobile number. After verifying the OTP, the customer will successfully log in to their account.

Customer End

At the time, when a new account is created by the customer. The user will enter their details.

After entering the credentials the customer will receive the OTP in the mail, as shown below in the snapshot:

The customer will enter the OTP and log in to the Web store.

For Customer login

The customer will enter the email ID and password on the login page.

After entering the credentials the customer will receive the OTP in the mail, as shown below in the snapshot:

By entering the OTP the customer can log in to the Magento 2 store.

Customer End

At the time, when a new account is created by the customer. The user will enter their details.

After entering the credentials the customer will receive the OTP in the mail, as shown below in the snapshot:

By clicking on this link customers will register to the Magento store.

For customer login

The customer will enter the email ID and password on the login page.

Once entering the credentials the customer will receive the link as mentioned below in the snapshot.

By clicking on the link the customer can log in.

Admin End

The admin needs to create an account on Firebase, Please click here and create a new project with your Google account.

1.  After opening the Firebase page. Please create a project by clicking Add project button.

2. Then, create a new project, enter the name of the project, and click continue.

 The next step will ask you to set up Google Analytics. Let’s go ahead and set it up.

(Optional) Enable Google Analytics for your project, then follow the prompts to select or create a Google Analytics account, if you don’t want to set google analytics disable the toggle button or you can click “Continue” and you will be taken to the project home page. 

Choose or create new Google Analytics, and click “Create a new Account”.

Finally, select your Google Analytics location (the United States by default) and read and configure the sharing settings. Finally, accept the Google Analytics Terms of Use and create a project.

The process only takes a few seconds. When finished, click “Continue” and you will be taken to the project home page.

3. After creating your new project, click on the Settings menu and then select the Project Settings option. A new Project Settings page will open.

4. After entering the Project Settings page, go to the Cloud Messaging tab. Further, from here you will find your project credentials. Copy and save your Server Key and Sender ID as shown in the snapshot below.

5. Moreover, navigate through Project Settings > General will find the other Firebase Project Credentials under web apps. You need to enter these credentials into the admin configuration.

After receiving all the credentials the admin needs to enter them in the Configuration as mentioned in the snapshot below:

Customer End

For Registration

At the time, when a new account is created by the customer. The user will enter their details.

The customer has to allow the show notifications popups then only the customer will receive the push notifications.

Then the customer will receive a pop-up notification on their device.

Then the customer will enter the received OTP.

For Customer Login

Now customer Will to enter the login credentials like email and password on the login page.

After allowing the show notifications popup, customer will receive a push notification as mentioned below in the snapshot:

From the push notification, the customer will receive the one-time verification code and by entering that, the customer can log in.

First, the admin needs to configure the module for TOTP/Authenticator.

Customer End

At the time, when a new account is created by the customer. The user will enter their details.

After entering the credentials there will be a popup in which the barcode will be there the customer can scan the barcode using Google Authenticator Application.

Once the customer scans the barcode, he will get the OTP.

By entering the OTP, the customer will register themselves to the Magento 2 Store.

For Customer Login

If the admin selected Send OTP Via TOTP/Authenticator from the configuration page. The customer will enter the credentials on the login page

The customer will get the OTP on the Google Authenticator.

By entering the OTP customer will login to the Magento 2 Store.

To update TOTP Authenticator App

To update the Authenticator App, the customer must log in to the Magento 2 Store

Then the customer will navigate to Two- Step Authentication

Then click on Update button.

Enter 6-digit OTP received on the authenticator. Then click on submit.

Now, the customer scans the QR code from their authenticator.

Then enter the Auth Code and click on verify.

The Authenticator App is successfully updated.

The Customer can also log in through the Backup code that is provided during the registration.

Note: Backup code is available for the customer during registration only if the admin enables it from the module configuration.

To enable it, the admin will configure the module.

Enable Login Using Backup Code:- Set the backup codes to yes.

The Customer will get 12 backup codes during registration.

The customer can save the backup codes in case the customer doesn’t have access to the auth code on the mobile phone or email, then the customer can use the backup code and log in to the panel.

The customer also gets the backup code on their registered Email ID.

For Customer Login

During login, customers can choose the option to Sign In another way, if they don’t have OTP.

Now the customer will enter the Backup codes to log in to the Magento 2 store.

One code can be used only once, if the customer has used one backup code, then that backup code can’t be used again.

After entering the backup code the customer is successfully logged in to the Magento 2 store.

Note: The customer can request the admin to generate the backup codes for the customer.

Admin Creating Backup code

If all the backup code is used by the customer then it shows the message on the notification.

To create the backup code for the customer, the store admin navigates to Customer -> All Customer -> Edit Customer -> Two Fact Auth.

Then click On the Generate Button.

After click on the generate button the new backup code will generated.

So, that is all about the Magento 2 Two Factor Authentication extension. If you have any queries regarding the plugin, please contact us at Webkul Support System.

Explore the Adobe Commerce Cloud development services by Webkul. You may also browse our quality Magento 2 extensions.