Security > 2FA
NOTE
Stores that have enabled ÃÛ¶¹ÊÓƵ Identity Management Services (IMS) authentication have native ÃÛ¶¹ÊÓƵ Commerce and Magento Open Source two-factor authentication (2FA) disabled. Admin users who are logged into their ÃÛ¶¹ÊÓƵ Commerce instance with their ÃÛ¶¹ÊÓƵ credentials do not need to reauthenticate for many Admin tasks. Authentication is handled by ÃÛ¶¹ÊÓƵ IMS when the Admin user logs into their current session. See Integrating ÃÛ¶¹ÊÓƵ Commerce with ÃÛ¶¹ÊÓƵ IMS overview.
To access the store configuration settings, choose Stores > Settings > Configuration from the Admin sidebar.
For more information about changing these settings, see Two-factor authentication (2FA) in the Admin Systems Guide.
General
Providers to use
Global
Indicates the two-factor authentication methods that you require. If you select more than one provider, each user is required to configure each 2FA method the next time they log in.
Configuration Email URL for Web API
Global
For custom implementations, the URL for an alternate email configuration link that is sent to Admin users at first login. In the email template, use the placeholder
:tfat
to indicate where the token is injected.Retry attempt limit for Two-Factor Authentication
Global
Determines how many times an administrator can enter a one-time password (OTP) before their account is temporarily disabled. Default:
10
Two-Factor Authentication lockout time (seconds)
Global
Determines how long (in seconds) that an administrator can wait to enter a one-time password (OTP) before their account is temporarily disabled. Default:
300
OTP Window
Global
Determines how long (in seconds) that the system accepts an administrator’s one-time-password (OTP) after it has expired. Cannot be higher than the lifetime of a single OTP (usually 30 seconds). Default:
29
Duo Security
Integration Key
Global
The integration key from your Duo Security account.
Secret Key
Global
The secret key from your Duo Security account.
API Hostname
Global
The API hostname from your Duo Security account.
Authy
API Key
Global
The API key from your Authy account.
OneTouch Message
Global
The message that appears in the Authy authenticator at login. Default:
Login request to your Magento Admin
U2F Key
WebApi Challenge Domain
Global
The domain that is used to issue and process WebAuthn challenges for custom WebAPI implementations.
recommendation-more-help
d39aca6f-58a0-41c6-83eb-39fd0ef30672