You need to configure Two-Factor Authorization in order to proceed

Question

Having just installed 2.4.0 from scratch, I ran into an "issue" when logging into Magento Backend for the first time:

Failed to send the message. Please contact the administrator You need to configure Two-Factor Authorization in order to proceed to your store's admin area An E-mail was sent to you with further instructions

This implies, that I won't be able to log into Magento without first setting up SMTP on the server. Is there something I'm overlooking that allows me to set this up via the CLI? Therefore, not requiring SMTP to complete the 2FA login.

Edit 1/2

Having slapped the ability for SMTP onto my test server, I got to see what the email was that it was trying to send:

You are required to configure personal Two-Factor Authorization in order to login to Main Website Store To do that please Click here

Clicking the link displayed the following

So, I'm starting to think that an SMTP enabled server should be considered a "prerequisite" for installing Magento. However, I'd prefer to see if anyone has another solution (that doesn't involve disabling 2fA).

Edit 2/2

I ended up reporting this as an issue with Magento. Having 2FA enabled by default was put in place as a security feature. Therefore, having to disable it to make Magento accessible makes that decision absolutely pointless. And yes, I could install SMTP facilities on my server but that seems overkill to send a single email.

Setting up 2FA needs to be part of the 2.4 installation docs.. This is crazy. — Nick Rolando, Sep 01 '20 at 15:31

score 86 · Answer 1 · edited Apr 11 '22 at 15:35

86

For quick access, I recommend disabling the Magento TwoFactorAuth module.

bin/magento module:disable Magento_TwoFactorAuth

edited Apr 11 '22 at 15:35

Vishal Baraiya

2,816
1
11
22

answered Jul 29 '20 at 11:20

Dmitrij Rebrov

986
5
5

1

I hear what you're saying, but that totally defeats the point of enforcing 2FA on installation. – Craig Jul 29 '20 at 11:47
In my case, I use sudo before the command and working for me.
sudo php bin/magento module:disable Magento_TwoFactorAuth
– Vikram Kumar Sep 07 '20 at 12:03
I tried to run this command and it says: -bash: bin/magento: Permission denied Why would that be and what do I need to do to make it work? – Allysin Jan 11 '21 at 23:27
I tried to disable this module but still not working – huykon225 May 21 '21 at 09:35
6

Installing Magento locally or in dev server, two factor auth is useless imo – Konstantinos Jun 16 '21 at 14:38
php bin/magento module:disable Magento_TwoFactorAuth – Thulfiqar Dec 23 '21 at 12:50

score 13 · Answer 2 · edited Jul 29 '20 at 09:41

13

please follow the below steps :

1.Select Google Authenticator as the 2FA provider:

php bin/magento config:set twofactorauth/general/force_providers google

2.Increase the lifetime of the window to 60 seconds to prevent tokens from expiring

php bin/magento config:set twofactorauth/google/otp_window 60

3.Use the following key to add the encoded value to the MFTF .credentials file:

magento/tfa/OTP_SHARED_SECRET=Google_Your_secret_key

Add the encoded shared secret to Google Authenticator

php bin/magento security:tfa:google:set-secret admin Google_Your_secret_key

please check this link for more references.

Admin => https://i.stack.imgur.com/ft9qQ.png

Thank You.

edited Jul 29 '20 at 09:41

Craig

2,650
3
15
37

answered Jul 29 '20 at 05:45

Vishal Baraiya

2,816
1
11
22

1

I read this, but there is a lack of elaboration of Step 3. ("encoded value to the MFTF .credentials file"). i.e. guidelines to generating the Secret Key and the location of the .credentials file. – Craig Jul 29 '20 at 08:44
Credentials: https://devdocs.magento.com/mftf/docs/credentials.html – Chris Aug 27 '20 at 11:01

score 5 · Answer 3 · edited Aug 05 '20 at 16:05

5

Buddy I also face the same issue after open admin webpage. You can try to disable 2 Factor Authentication module for first time login using below code in Magento root directory.

bin/magento module:disable Magento_TwoFactorAuth

I know it's not a foolproof step but you can try to login into admin page.

edited Aug 05 '20 at 16:05

Craig

2,650
3
15
37

answered Aug 05 '20 at 09:44

Nikunj Rawat

169
2
6

1

Working around the problem isn't an issue. It's just the logic of requiring more prerequisites to support an oversight. – Craig Aug 05 '20 at 14:09
I tried to run this command and it says: -bash: bin/magento: Permission denied – Allysin Jan 11 '21 at 23:24
1

Unable to change status of modules because of the following constraints: Cannot disable Magento_TwoFactorAuth because modules depend on it: Magento_AdminAdobeImsTwoFactorAuth: Magento_AdminAdobeImsTwoFactorAuth->Magento_TwoFactorAuth – Oliver Aug 31 '23 at 08:46

score 4 · Answer 4 · answered Aug 06 '20 at 01:07

4

I found a way, by adding a system configuration to Enable/Disable it. I made a module, you can download it with composer:

composer require wolfsellers/module-enabledisabletfa

Or check it at: https://github.com/wolfsellers/module-enabledisabletfa

answered Aug 06 '20 at 01:07

Rus0

378
1
10

This is EXACTLY what I needed! Worked like a charm to allow me to install via composer locally and then enable it in Staging where SMTP is functional and the intended way to setup 2FA could be followed. – Jon Gallup Feb 19 '24 at 21:11

score 4 · Answer 5 · answered Jun 03 '21 at 13:49

To disable Two Factor Authentication on localhost/dev server.

Execute the php bin/magento module:disable Magento_TwoFactorAuth command.

or,

Open app/etc/config.php and change value for 'Magento_TwoFactorAuth' to 0.

Now execute php bin/magento setup:di:compile command to compile your project.

N:B: You may need to prefix sudo with above commands depending the files and folder permission in your system.

score 3 · Answer 6 · answered May 19 '22 at 10:28

Here is a full answer with some additional details based on Nikunj Rawat answer. Sorry if this is wrong but if you know what you're doing there is no excuse for not giving full and complete answers.

Disabling doesn't help because as soon as your turn it on your stuck in the same position and unless you have SMTP setup this solution is the only sensible one that works. Tested in Magento 2.4.4 (May 18th 2022)

please follow the below steps :

1.Select Google Authenticator as the 2FA provider:

php bin/magento config:set twofactorauth/general/force_providers google

2.Increase the lifetime of the window to 60 seconds to prevent tokens from expiring

php bin/magento config:set twofactorauth/google/otp_window 60

3.Create a key (mine is URB4NW4RF4R3 for this example). Use that key in a tool like this to generated your base32 encoded shared secret:

URB4NW4RF4R3 // your shared secret

This your secret key you can now enter this into a file called .credentials located in your /magento_document_root/dev/tests/acceptance/

magento/tfa/OTP_SHARED_SECRET=KVJEENCOK42FERRUKIZQ====

Add the encoded shared secret to Google Authenticator. Open the App > click Add and select > Enter a setup key. Give an account name (domain and user) and then enter your Base32 encoded secret into the key field.
Set the secret key against your user account.

php bin/magento security:tfa:google:set-secret admin KVJEENCOK42FERRUKIZQ====

You should now be presented with this screen once you login to your account.

Thank You.

score 2 · Answer 7 · edited Aug 22 '23 at 07:40

2

Magento 2.4 add some more modules for Two-factor authorization.

Run this command

php bin/magento mod:dis Magento_AdminAdobeImsTwoFactorAuth Magento_TwoFactorAuth

Now Please run the 'setup:di:compile' command to generate classes.

edited Aug 22 '23 at 07:40

nlegall

21
7

answered Aug 16 '23 at 09:33

HaFiz Umer

1,661
1
13
39

score 1 · Answer 8 · answered Dec 27 '20 at 10:43

1

Just use this:

$ bin/magento module:disable Magento_TwoFactorAuth

And

$ php bin/magento c:c

answered Dec 27 '20 at 10:43

Sudip Jeet

41
2

score 0 · Answer 9 · answered Dec 27 '20 at 10:53

0

You can use the following module to enable/disable Two Factor Authentication on local, dev, or staging environments as you please using admin configuration.

https://github.com/markshust/magento2-module-disabletwofactorauth

answered Dec 27 '20 at 10:53

Vivek Kumar

5,115
2
24
50

score 0 · Answer 10 · answered Feb 12 '21 at 03:19

I had the same issue and was able to resolve the issue by combining the solutions above also solved the permissions denied issue.

php bin/magento config:set twofactorauth/general/force_providers google
php bin/magento config:set twofactorauth/google/otp_window 60
sudo php bin/magento module:disable Magento_TwoFactorAuth

This is what the end result is:

The following modules have been disabled:

Magento_TwoFactorAuth

Cache cleared successfully. Generated classes cleared successfully. Please run the 'setup:di:compile' command to generate classes. Info: Some modules might require static view files to be cleared. To do this, run 'module:disable' with the --clear-static-content option to clear them.

score 0 · Answer 11 · answered May 16 '22 at 19:02

Hi use this chrome authenticator extension -

https://chrome.google.com/webstore/detail/authenticator/bhghoamapcdpbohphigoooaddinpkbai?hl=en

Scan the QR code with this extension it will decode the code & provide you six digit 2 factor authentication code use this code & it will re-direct you to admin dashboard.

score 0 · Answer 12 · answered Nov 03 '23 at 05:53

0

You can skip it by commenting out if you get this error while running the following CLI command:

vendor/bin/mftf generate:tests

Open dev\tests\acceptance\ .credentials and comment out OTP_SHARED_SECRET as below:

#magento/tfa/OTP_SHARED_SECRET

answered Nov 03 '23 at 05:53

Wasim

445
4
17

You need to configure Two-Factor Authorization in order to proceed

Edit 1/2

Edit 2/2

12 Answers12

Linked

Related