Guide for Magento 2 Two Factor Authentication
Magento 2 Two Factor Authentication adds extra security features to the account. It provides two-factor authentication for the website.
Magento 2 Two Factor Authentication verification applies in two cases: when a new account is created and when an existing customer logs in to their account.
It is one of the most reliable ways to secure an account.
Also, the Magento 2 Security extension helps secure your website from various attacks and hacks.
Here is a brief overview of the module:
Features
- At the time of registration, an Auth Code is sent to the mobile number entered. However, it is verified after the account is created.
- Admin can enable/disable the TwoFactorAuth module from the admin configuration.
- Admin can enable/disable TwoFactorAuth verification of the customers at the time of registration.
- Customers have to verify to access the account.
- The admin generates backup codes for customers and notifies customers through mail.
- The verification code expiration time period can be changed by the admin.
Install Extension from Webkul Store
#1 Download Module
First, log in to the Webkul Store, go to the My Account > My Purchased Products section, verify, and then download the zip folder and extract its contents on your system.
#2 Upload Folder
Once the module zip is extracted, follow the path src > app and then copy the app folder into the Magento 2 root directory on the server.
#3 Run Commands
After uploading the module folder, you need to run the following commands in the Magento 2 root directory:
composer require twilio/sdk
composer require sendgrid/sendgrid
composer require pragmarx/google2fa
composer require pragmarx/google2fa-qrcode
php bin/magento setup:upgrade
php bin/magento setup:di:compile
php bin/magento setup:static-content:deploy
php bin/magento indexer:reindex
php bin/magento cache:flush
After running the commands, flush the cache from the Magento admin panel by navigating through System > Cache Management.
Install Extension from Magento Marketplace
If you have purchased this extension from the Magento Marketplace then please follow the below process or visit this link.
#1 Get Access Keys
To get the access keys, navigate to My Profile in Magento Marketplace and then choose Access Keys in the My Products section.
Go to Magento 2 and copy both access keys, the Public Key and the Private Key. These access keys will be needed in the next steps for authentication.
If access keys are not created earlier, click Create A New Access Key, enter any name and click OK.
#2 Update composer.json File
To find the component name and version number, go to your Magento Marketplace account section, My Profile > My Purchases, and then find this extension to view its details. Please note that every extension has its own unique component name and version.
After that, navigate to your Magento project directory and update your composer.json file in the following format.
composer require <component-name>:<version>
For example, to install version 5.0.0 of this extension you need to run the following command:
composer require webkul/2fa:5.0.0
#3 Enter Access Keys
Now you will need to enter the Access Keys that you obtained as explained in the first step #1 Get Access Keys. Wait for Composer to finish updating your project dependencies and make sure there aren’t any errors.
#4 Run Commands
You need to run the following commands:
composer require twilio/sdk
composer require sendgrid/sendgrid
composer require pragmarx/google2fa
composer require pragmarx/google2fa-qrcode
php bin/magento setup:upgrade
php bin/magento setup:di:compile
php bin/magento setup:static-content:deploy
php bin/magento indexer:reindex
php bin/magento cache:flush
Multi-Lingual Support
For multilingual support, the admin navigates through Store > Configuration > General > Locale Options and selects the locale as English (the language into which the admin wants to translate the store content).
Admin Configuration
Once the Two Factor Authentication for Magento 2 (Adobe Commerce) module is installed, the admin manages the feature from the backend by navigating to Stores > Configuration > TwoFactorAuth.
In the configuration settings, the admin can enable and disable TwoFactorAuth.
- Enable Module on Frontend:- The admin can enable or disable the module (Yes/No).
- Need Auth Validation On New Customer Registration:- Whether validation is needed to register a new customer (Yes/No).
- Need Auth Validation On Customer Registration:- Whether validation is needed to register a customer (Yes/No).
- Enable Login Using Backup Code:- Set login using backup codes to Yes/No.
- Auth Code Expiry:- The OTP duration, between 60 and 300 seconds.
- Send OTP Via:- Mobile, Email, Sending Email Link, Push Notification, TOTP/Authenticator.
- Auth ID:- Enter the Auth ID.
- Token:- Enter the Token.
- Message:- Enter the customized message sent to the user.
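How an Auth Code Expiry between 60 and 300 seconds is typically enforced on the server for codes sent by SMS or e-mail, as an added Python sketch (not the extension's own code). The in-memory store, the six-digit code and the five-attempt limit are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

MIN_EXPIRY, MAX_EXPIRY = 60, 300  # bounds the page gives for Auth Code Expiry (seconds)
MAX_ATTEMPTS = 5                  # assumption: the page states no attempt limit


def clamp_expiry(seconds):
    """Force an admin-supplied expiry into the 60-300 second range."""
    return max(MIN_EXPIRY, min(MAX_EXPIRY, int(seconds)))


def _digest(code, salt):
    # Hashing keeps the plaintext code out of storage; a 6-digit code is still
    # guessable offline, so the short expiry and attempt cap do the real work.
    return hashlib.sha256(salt + code.encode()).digest()


class OtpStore:
    """In-memory stand-in (hypothetical) for the table holding pending codes."""

    def __init__(self, expiry_seconds):
        self.expiry = clamp_expiry(expiry_seconds)
        self._pending = {}  # customer id -> [salt, digest, expires_at, attempts]

    def issue(self, customer_id, now):
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
        salt = secrets.token_bytes(16)
        # A new code replaces any earlier one, so only the latest is valid.
        self._pending[customer_id] = [salt, _digest(code, salt), now + self.expiry, 0]
        return code  # handed to the SMS / e-mail sender, never logged

    def verify(self, customer_id, code, now):
        entry = self._pending.get(customer_id)
        if entry is None:
            return False
        salt, digest, expires_at, attempts = entry
        if now >= expires_at or attempts >= MAX_ATTEMPTS:
            del self._pending[customer_id]  # expired or locked out
            return False
        entry[3] += 1
        if hmac.compare_digest(_digest(code, salt), digest):
            del self._pending[customer_id]  # single use: a replay finds nothing
            return True
        return False
```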
Twilio Auth
“Twilio” is a communications platform for sending and receiving text messages using its web service APIs.
The admin can sign up for the Twilio service. To register, the admin can visit Twilio and then click on the signup button.
Now, from the Twilio account, the admin can access the information required in the admin dashboard.
Magento 2 Two Factor Authentication – Workflow
Send OTP Via Mobile
In the module configuration, the admin sets Send OTP Via to Mobile.
When a customer creates a new account, the user enters their details.
The OTP will be sent to the customer’s mobile number.
Now customers have to go through the two-step verification.
Enter the OTP sent to the registered mobile number. After the OTP is verified, the account is created successfully.
Existing Customer
TwoFactorAuth also applies to existing customers. Every time the customer logs in, they will receive the OTP.
The customer enters their login credentials and then clicks on Sign In.
After entering the OTP and being verified, they can use their account.
Thus, the customer receives the OTP (SMS) on the mobile.
Enter the OTP sent to the registered mobile number. After the OTP is verified, the customer will successfully log in to their account.
Send OTP Via Email
Admin End
On the Configuration page, enter the API Key and the email ID with which the admin created the SendGrid account.
Customer End
When a customer creates a new account, the user enters their details.
After entering the credentials, the customer will receive the OTP by mail.
The customer enters the OTP and is logged in to the web store.
For customer login
The customer will enter the email ID and password on the login page.
After entering the credentials, the customer will receive the OTP by mail.
By entering the OTP, the customer can log in to the account.
Send via Sending Email Link
The admin needs to create an account on SendGrid for the SendGrid API Key. Follow the same steps mentioned in the previous topic.
When a customer creates a new account, the user enters their details.
After entering the credentials, the customer will receive the verification link by mail.
By clicking on this link, the customer will be registered on the Magento store.
For customer login
The customer will enter the email ID and password on the login page.
After entering the credentials, the customer will receive the link by mail.
By clicking on the link, the customer can log in.
Send OTP Via Push Notification
Admin End
The admin needs to create an account on Firebase and create a new project with their Google account.
1. After opening the Firebase page, create a project by clicking the Add project button.
2. Then, enter the name of the new project and click Continue.
The next step will ask you to set up Google Analytics. Let’s go ahead and set it up.
(Optional) Enable Google Analytics for your project, then follow the prompts to select or create a Google Analytics account. If you don’t want to set up Google Analytics, disable the toggle button, or click “Continue” and you will be taken to the project home page.
Choose or create a new Google Analytics account, and click “Create a new Account”.
Finally, select your Google Analytics location (the United States by default) and read and configure the sharing settings. Then accept the Google Analytics Terms of Use and create the project. The process only takes a few seconds. When finished, click “Continue” and you will be taken to the project home page.
3. After creating your new project, click the Settings menu icon and then select the Project Settings option. A new Project Settings page will open.
4. On the Project Settings page, go to the Cloud Messaging tab. Here you will find your project credentials. Copy and save your Server Key and Sender ID.
5. Moreover, under Project Settings > General you will find the other Firebase project credentials under web apps. You need to enter these credentials into the admin configuration.
After receiving all the credentials, the admin needs to enter them in the Configuration.
Customer End
The customer has to allow the show notifications popup; only then will the customer receive push notifications.
Now the customer needs to enter the login credentials (email and password) on the login page.
After allowing the show notifications popup, the customer will receive a push notification.
The push notification contains the one-time verification code; by entering it, the customer can log in.
Send OTP Via TOTP/Authenticator
If the admin has selected TOTP/Authenticator for Send OTP Via on the configuration page, then the admin first registers on the Magento store.
After entering the credentials, a popup appears with a barcode, which the customer can scan using the Google Authenticator application.
Once the user scans the barcode, they will get the OTP, and by entering the OTP the user can verify their account.
For Customer Login
The customer needs to verify the account via the scanner and enter the credentials on the login page.
After entering the credentials, the customer will get the OTP, and by entering it the customer can verify the account after login using the Google Authenticator application.
The customer will enter the code received on the Google Authenticator application.
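What the scanned barcode carries and how the server checks the code typed from the authenticator app, as an added standard-library Python example of RFC 6238 TOTP (not the extension's or the pragmarx/google2fa library's code). The one-step drift window, the `last_step` replay check and the sample account and issuer names are assumptions for the illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

STEP = 30    # seconds per time step (RFC 6238 default used by authenticator apps)
DIGITS = 6
# Constructed sample secret: the RFC 6238 test key, base32-encoded.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()


def hotp(key, counter):
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**DIGITS:0{DIGITS}d}"


def totp(secret_b32, now):
    """Code the authenticator app shows at Unix time `now`."""
    key = base64.b32decode(secret_b32, casefold=True)
    return hotp(key, int(now) // STEP)


def verify_totp(secret_b32, code, now, last_step=-1, window=1):
    """Return the matched time step, or None if the code is rejected.

    window=1 tolerates one step of clock drift either way. last_step is the
    step stored from the previous successful login; any step at or before it
    is rejected, so a code seen once cannot be replayed within its lifetime.
    """
    key = base64.b32decode(secret_b32, casefold=True)
    current = int(now) // STEP
    matched = None
    for step in range(current - window, current + window + 1):
        if step < 0 or step <= last_step:
            continue
        if hmac.compare_digest(hotp(key, step).encode(), code.encode()):
            matched = step
    return matched


def provisioning_uri(secret_b32, account, issuer):
    """otpauth:// URI that the QR code shown at enrolment encodes."""
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"
```

The caller stores the returned step per customer and passes it back as `last_step` on the next login.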
Login Via Backup Code
The customer can also log in with a backup code that is provided during registration.
To enable it, the customer will configure the module.
Enable Login Using Backup Code:- Set the backup codes to yes.
The customer will get 12 backup codes during registration.
To access their backup codes, the customer navigates to their account and then clicks on backup codes.
After clicking on Get backup codes, the customer will receive the list of backup codes once the account has been verified.
The customer can save the backup codes. If the customer doesn’t have access to the auth code on the mobile phone or email, the customer can use a backup code to log in to the panel.
Each code can be used only once: once the customer has used a backup code, it can’t be used again and it is removed.
Note: The customer can request the admin to generate backup codes only if all the backup codes have been used by the customer.
Admin can create a backup code for the customer.
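The backup-code rules described above (12 codes, each usable once and removed on use, a new set only after all are used), as an added Python sketch rather than the extension's own code. The code format, the SHA-256 storage and the in-memory store are assumptions; the page does not say how the module stores its codes.

```python
import hashlib
import hmac
import secrets

CODE_COUNT = 12  # the page: the customer gets 12 backup codes at registration
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # assumption: no 0/O/1/I look-alikes


def new_code(length=10):
    """One random code from a CSPRNG (32**10 possibilities, about 50 bits)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _h(code):
    # Normalise what the customer typed, then hash: only digests are stored,
    # so a database leak does not hand out working codes.
    return hashlib.sha256(code.strip().upper().encode()).hexdigest()


class BackupCodes:
    """In-memory stand-in (hypothetical) for the backup-code table."""

    def __init__(self):
        self._hashes = {}  # customer id -> set of hex digests

    def generate(self, customer_id):
        """Issue a fresh set; the plaintext list is shown or mailed once."""
        if self._hashes.get(customer_id):
            # Mirrors the page's note: new codes only after all are used.
            raise PermissionError("unused backup codes remain")
        codes = [new_code() for _ in range(CODE_COUNT)]
        self._hashes[customer_id] = {_h(c) for c in codes}
        return codes

    def redeem(self, customer_id, code):
        """True once per code; the matching digest is deleted on success."""
        stored = self._hashes.get(customer_id, set())
        candidate = _h(code)
        hit = None
        for digest in stored:  # compare against every entry, no early exit
            if hmac.compare_digest(digest, candidate):
                hit = digest
        if hit is None:
            return False
        stored.discard(hit)
        return True

    def remaining(self, customer_id):
        return len(self._hashes.get(customer_id, ()))
```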
Support
So, that is all about the Magento 2 Two Factor Authentication extension. If you have any queries regarding the plugin, please contact us at Webkul Support System or add a ticket at https://webkul.uvdesk.com/
Explore the Adobe Commerce Cloud development services by Webkul. You may also browse our quality Magento 2 extensions.