For coders TYPO3 Tech Corner

2FA: Google Authenticator for TYPO3

2FA: Google Authenticator for TYPO3

Setup per backend user

This is how quickly every backend user can independently activate and set up 2FA for the Google Authenticator and many other multi-factor authentication services:

1) After logging into the backend, you can simply click on your username. There you have to switch to the "Account security" tab. Then click the "Manage multi-factor authentication" button.

2) Select the green button "+ Setup" at "Time-based one-time password".

3) From here just follow the instructions
a) Scan the QR code with the Google Authenticator app
b) Enter a name in the backend for "Step 2".
c) Enter the current 6-digit code from the Google Authenticator app in "Step 3".
d) Then save

Tips and configuration

If you want to force 2FA for your backend users, you can easily do this with an AdditionalConfiguration.php:

# Enforce for all backend users $GLOBALS['TYPO3_CONF_VARS']['BE']['requireMfa'] = 1; # Enforce for non-admin backend users only $GLOBALS['TYPO3_CONF_VARS']['BE']['requireMfa'] = 2; # Enforce for admin backend users only $GLOBALS['TYPO3_CONF_VARS']['BE']['requireMfa'] = 3;

If you only want to activate 2FA for a special user group, you can do this via User TSConfig:

# User TSConfig auth.mfa.required = 1

When for some special reason you need the exact opposite. So you don't want to offer 2FA for your backend users. Then the option can also be completely deactivated in the user profile:

# User TSConfig setup.fields.mfaProviders.disabled = 1

How to add own 2FA service into TYPO3 is explained in the official documentation.


"Code faster, look at the time" - does this sound familiar to you?

How about time and respect for code quality? Working in a team? Automated tests?

Join us