Configure 2FA (Two-Factor Authentication) for a store in Magento 2

The Magento admin gives full access to your shop, orders and customer data. To increase the security of your Magento store, Magento Two-Factor Authentication (2FA) adds support for two-step authentication with multiple providers. If it is enabled, users attempting to log in to the admin must complete a second step to verify their account. All functionality and requirements are limited to administrator user accounts; they do not extend to customer accounts.

To configure 2FA (Two-Factor Authentication), follow the steps below:

Step 1: Log in to the admin panel and go to Store -> Settings -> Configuration.

Step 2: Select Security and click on 2FA.

  1. Expand the General section and set Enable Two-Factor Authentication to Yes.
  2. Select the authenticators needed for all users. To allow users to select their authenticator, do not select an option.

Google Authenticator

  • Enable this Provider by selecting Yes.
  • Enable the “trust this device” option. This is optional; select Yes if you require it. NOTE: This option should be used in HTTPS-only environments.

U2F Devices (Yubikey and others)

  • Enable this Provider by selecting Yes.
  • Enable the “trust this device” option. This is optional; select Yes if you require it.

Duo Security

  • Enable this Provider by selecting Yes.
  • Enter the following keys for your account:
    • Integration key
    • Secret key
  • Enter the API hostname.

Authy

  • Enable this Provider by selecting Yes.
  • Enter the API Key.
  • Enable the “trust this device” option. This is optional; select Yes if you require it. NOTE: This option should be used in HTTPS-only environments.
  • To edit the OneTouch message, clear the Use system value checkbox. Then enter the message you want to use.

Step 5: Click the Save Config button.

Step 6: Go to System -> Permissions -> All Users and select the user.

Step 7: Go to 2FA and select the 2FA providers by ticking their checkboxes.

Step 8: Go to User Info, enter your password under Current User Identity Verification, then click Save User.

Step 9: You will now see the 2FA Google Authenticator screen. Scan the QR code with the Google Authenticator app on your mobile phone.

Step 10: After completing this process, you will be asked for an authenticator code at every login.