Security > 2FA
NOTE
Stores that have enabled Adobe Identity Management Services (IMS) authentication have native Adobe Commerce and Magento Open Source two-factor authentication (2FA) disabled. Admin users who are logged into their Adobe Commerce instance with their Adobe credentials do not need to reauthenticate for many Admin tasks. Authentication is handled by Adobe IMS when the Admin user logs into their current session. See Integrating Adobe Commerce with Adobe IMS overview.
To access the store configuration settings, choose Stores > Settings > Configuration from the Admin sidebar.
For more information about changing these settings, see Two-factor authentication (2FA) in the Admin Systems Guide.
General
| Field | Scope | Description |
|---|---|---|
| Providers to use | Global | Indicates the two-factor authentication methods that you require. If you select more than one provider, each user is required to configure each 2FA method the next time they log in. |
| Configuration Email URL for Web API | Global | For custom implementations, the URL for an alternate email configuration link that is sent to Admin users at first login. In the email template, use the placeholder :tfat to indicate where the token is injected. |
| Field | Scope | Description |
|---|---|---|
| OTP Window | Global | The lifetime in seconds of each one-time password (OTP) generated by Google Authenticator. Default: 30 |
Duo Security
| Field | Scope | Description |
|---|---|---|
| Integration Key | Global | The integration key from your Duo Security account. |
| Secret Key | Global | The secret key from your Duo Security account. |
| API Hostname | Global | The API hostname from your Duo Security account. |
Authy
| Field | Scope | Description |
|---|---|---|
| API Key | Global | The API key from your Authy account. |
| OneTouch Message | Global | The message that appears in the Authy authenticator at login. Default: Login request to your Magento Admin |
U2F Key
| Field | Scope | Description |
|---|---|---|
| WebApi Challenge Domain | Global | The domain that is used to issue and process WebAuthn challenges for custom WebAPI implementations. |
Resources
Adobe Account
Change language
Copyright © 2023 Adobe. All Rights Reserved.
