Magento 2.4 enables two-factor authentication (2FA) by default. Earlier Magento 2 releases offered 2FA as an optional install, and the store owner could enable or disable it as required. If you have downloaded and installed the latest Magento 2 version, however, you may have noticed that two-factor authentication can no longer be disabled. Disabling 2FA in Magento 2 is not recommended for security reasons, but you may still want to do it in some situations:
- Testing environment
- The store is in the development stage
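Method to disable Magento 2 two-factor authentication:
Create config.xml, followed by the module's remaining files shown in the listings after it (plugin declaration, module declaration, admin setting, plugin class, registration file and composer.json). The command in the last listing then switches 2FA off.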
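<?xml version="1.0"?>
<!--
    Default value for the twofactorauth/general/enable flag that the
    BypassTwoFactorAuth plugin reads.
    The default is 1, so 2FA keeps being enforced until the flag is
    explicitly set to 0. Keep this default: the plugin treats a flag that
    is not set as "2FA disabled".
-->
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Store:etc/config.xsd">
    <default>
        <twofactorauth>
            <general>
                <enable>1</enable>
            </general>
        </twofactorauth>
    </default>
</config>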
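<?xml version="1.0"?>
<!--
    Dependency-injection configuration: attaches the BypassTwoFactorAuth
    plugin to Magento\TwoFactorAuth\Model\TfaSession, so that the plugin's
    afterIsGranted() method can replace the result of TfaSession::isGranted().
-->
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
    <type name="Magento\TwoFactorAuth\Model\TfaSession">
        <plugin name="bypassTwoFactorAuth"
                type="MarkShust\DisableTwoFactorAuth\Plugin\BypassTwoFactorAuth"/>
    </type>
</config>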
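<?xml version="1.0"?>
<!--
    Module declaration. The sequence entry makes Magento_TwoFactorAuth load
    before this module, so this module's configuration is merged on top of
    the 2FA module's configuration.
-->
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
    <module name="MarkShust_DisableTwoFactorAuth">
        <sequence>
            <module name="Magento_TwoFactorAuth"/>
        </sequence>
    </module>
</config>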
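<?xml version="1.0"?>
<!--
    Admin configuration: adds a Yes/No "Enable 2FA" field to the general group
    of the twofactorauth section. Only showInDefault is set, so the field is
    offered at the default scope.
    The force_providers and webapi_notification_url fields are made dependent
    on the new field and are shown only while it is set to 1.
    NOTE(review): the flag is global. Whoever may save this config section can
    switch 2FA off for every admin user, so access to the section should be
    limited to as few admin roles as possible. Confirm which ACL resource
    guards it in the Magento_TwoFactorAuth module.
-->
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd">
    <system>
        <section id="twofactorauth">
            <group id="general">
                <field id="enable" translate="label" type="select" sortOrder="1" showInDefault="1" canRestore="1">
                    <label>Enable 2FA</label>
                    <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                    <comment>Warning: Enabling 2FA will immediately prompt admin user for OTP code.</comment>
                </field>
                <field id="force_providers">
                    <depends>
                        <field id="enable">1</field>
                    </depends>
                </field>
                <field id="webapi_notification_url">
                    <depends>
                        <field id="enable">1</field>
                    </depends>
                </field>
            </group>
        </section>
    </system>
</config>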
<?php
declare(strict_types=1);
namespace MarkShust\DisableTwoFactorAuth\Plugin;
use Magento\Framework\App\Config\ScopeConfigInterface;
use Magento\TwoFactorAuth\Model\TfaSession;
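/**
 * After-plugin for TfaSession::isGranted() that lets the
 * twofactorauth/general/enable config flag switch the 2FA check off.
 *
 * The flag is global: the plugin does not look at the current admin user, so
 * a disabled flag bypasses 2FA for every call to TfaSession::isGranted().
 */
class BypassTwoFactorAuth
{
    /** @var ScopeConfigInterface */
    private $scopeConfig;

    /**
     * @param ScopeConfigInterface $scopeConfig Config reader used to look up the enable flag.
     */
    public function __construct(
        ScopeConfigInterface $scopeConfig
    ) {
        $this->scopeConfig = $scopeConfig;
    }

    /**
     * If the TwoFactorAuth module Enable setting is set to false, always return true here so all requests bypass 2FA.
     * Otherwise, return the original result.
     *
     * @param TfaSession $subject Intercepted session object (not used).
     * @param mixed $result Value returned by the original TfaSession::isGranted().
     * @return bool
     */
    public function afterIsGranted(TfaSession $subject, $result): bool
    {
        // The config path must be a plain quoted string; typographic quotes
        // copied from a web page are not string delimiters in PHP.
        // isSetFlag() gets the path only, so the value is read at the default scope.
        // The check fails open: a flag that is 0, empty or not set at all counts
        // as "2FA disabled". The module's config.xml default of 1 is what keeps
        // 2FA enforced on a fresh install.
        if (!$this->scopeConfig->isSetFlag('twofactorauth/general/enable')) {
            return true;
        }

        return $result;
    }
}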
<?php
use Magento\Framework\Component\ComponentRegistrar;
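// Register this directory with Magento as the MarkShust_DisableTwoFactorAuth module.
// The module name must be a plain single-quoted string; typographic quotes are
// not string delimiters in PHP.
ComponentRegistrar::register(
    ComponentRegistrar::MODULE,
    'MarkShust_DisableTwoFactorAuth',
    __DIR__
);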
{
    "name": "markshust/magento2-module-disabletwofactorauth",
    "description": "The DisableTwoFactorAuth module provides the ability to disable two-factor authentication.",
    "require": {
        "php": ">=7.3",
        "magento/framework": ">=103"
    },
    "type": "magento2-module",
    "version": "1.0.0",
    "license": [
        "MIT"
    ],
    "autoload": {
        "files": [
            "registration.php"
        ],
        "psr-4": {
            "MarkShust\\DisableTwoFactorAuth\\": ""
        }
    }
}
# Sets the twofactorauth/general/enable flag to 0. With the module above
# installed, the BypassTwoFactorAuth plugin then returns true from every
# TfaSession::isGranted() call, i.e. 2FA is skipped for all admin users.
# Intended for the test/development installs named at the top of the page;
# running the same command with 1 restores the normal 2FA check.
# On a production system a value of 0 for this path in the stored
# configuration (core_config_data) is worth alerting on.
bin/magento config:set twofactorauth/general/enable 0