Your Admin account

The primary Admin account was initially set up during the installation, and might contain initial placeholder information or sample data information. The designated owner of this account can personalize the user name and password and update the first name, last name, and email address at any time. This account, a super user with all permissions by default, typically creates the Admin user accounts needed for the business.

Adobe Commerce merchants who have an Adobe ID and want a streamlined login to Adobe Commerce and Adobe Business products can integrate Commerce Admin authentication with the Adobe IMS authentication workflow. After this integration is enabled for your Commerce store, each Admin user must use their Adobe credentials — not their Commerce account credentials — to log in. See Integrating Adobe Commerce with Adobe IMS overview.

Admin sign-in

The Commerce Admin is protected by multiple layers of security measures to prevent unauthorized access to your store, order, and customer data. The first time you sign in to the Admin, you are required to enter your username and password and to set up two-factor authentication (2FA).

Depending on the configuration of your store, there may be a CAPTCHA challenge to resolve, such as entering a series of keyboard characters, solving a puzzle, or clicking a series of images with a common theme. These tests are designed to identify you as a human, rather than an automated bot.

For additional security, you can determine which parts of the Admin each user has permission to access, and also limit the number of login attempts. By default, after six attempts the account is locked, and the user must wait a few minutes before trying again. Locked accounts can also be reset from the Admin.

The first time you sign in to the Admin, you are prompted to Allow admin usage data collection. See Usage data collection for more information.

Admin sign in {width="400"}

Step 1: Set up two-factor authentication

Before you can sign in to the Admin of your store, you must have a two-factor authentication solution set up and ready to use. To learn more about the authentication process used by each solution, see Using Two-Factor Authentication. By default, Commerce supports Google Authenticator.

Ask your Commerce system administrator which 2FA solutions are supported for the store. Then, complete the setup of your preferred 2FA solution according to the provider’s instructions.

Step 2: Sign in to the Admin

  1. Enter the Admin URL that was specified during the Commerce installation.

    The default Admin URL looks something like

    note note
    Although this documentation uses admin as the base URL in most examples, it is recommended that you choose a unique and hard-to-guess custom URL for the Admin of your store.

    You can add a bookmark for the page or save a shortcut on your desktop for easy access.

  2. Enter your Admin Username and Password.

  3. (Optional) If a CAPTCHA is enabled for your store, follow the onscreen instructions to resolve the challenge.

    To learn more, see CAPTCHA and reCAPTCHA.

  4. Click Sign in.

    If it is the first time you have signed in to the Admin from the account, you should receive an email with a link to configuration instructions.

Step 3: Complete the 2FA configuration

The following example shows how to pair your Admin account with Google Authenticator.

  1. When the QR code appears, use one of the following methods to capture the code and pair Google Authenticator with your Admin account.

    Set up Google Authenticator {width="400"}

    • Capture QR Code using a smart phone

      On your smart phone, launch Google Authenticator. Tap the plus sign (+) in the upper-right corner of the app. Then at the bottom of the screen, tap Scan Barcode and take a picture of the QR code.

    • Capture QR Code from browser

      If Google Authenticator is installed as an extension in your browser, click the Authenticator icon in the toolbar and capture the page.

    • Manually enter QR code

      Copy the string of text below the QR code. Launch Google Authenticator with either your smart phone or browser, and click the plus sign (+). Then, choose Manual Entry. Under Account, enter the email address that is associated with your Admin account and paste the QR code string into the Key field.

  2. To sign in to the Admin with two-factor authentication, enter the six-digit code generated by Google Authenticator into the Authenticator code field, and then click Confirm.

    Enter the Authenticator code {width="400"}

Reset your password

Reuse of the last four passwords assigned to the account is not allowed.

  1. Enter the Email Address that is associated with the Admin account.

    Forgotten password {width="400"}

  2. Click Retrieve Password.

    If an account is associated with the email address, an email is sent to reset your password.

    note note
    An Admin password must be seven or more characters long and include both letters and numbers. See Configuring Admin Security for information about password options.

Sign out of the Admin

  1. In the upper-right corner, click the Account ( Account ) icon.

  2. Click Sign Out.

    Sign out {width="700" modal="regular"}

The Sign In page displays a message that you are logged out. Sign out of the Admin whenever you leave your computer unattended.

Edit account information

  1. Click the Account ( Account icon ) icon.

  2. Click Account Setting.

    Account Information {width="700" modal="regular"}

  3. Make necessary changes to your account information.

    If you change your login credentials, ensure you store them in a secure location.

  4. Enter your current account password.

  5. Click Save Account.

Allow multiple Admin logins

The Admin provides access to manage the orders, customers, products, shipping, and payments functionalities. The default configuration is set to disallow multiple logins for an Admin user account as a security best practice. However, you can change this setting to allow Admin users to be logged in from multiple devices to accommodate your business workflows.

  1. On the Admin sidebar, go to Stores > Settings > Configuration.

  2. In the left navigation panel, expand Advanced and choose Admin.

  3. Expand Expansion selector the Security section.

  4. For Admin Account Sharing, select Yes.

    Allow Admin account sharing {width="700" modal="regular"}

  5. Click Save Config.

Set Admin user login names as case sensitive

  1. On the Admin sidebar, go to Stores > Settings > Configuration.

  2. In the left navigation panel, expand Advanced and choose Admin.

  3. Expand Expansion selector the Security section.

  4. Set the Login is Case Sensitive field to Yes.

  5. Click Save Config.