Setup Two Factor Authentication

Enable Two Factor Authentication (2FA)

Activate two factor authentication by running the command.

bench --site [sitename] set-config enable_two_factor_auth true

Specify the following in System Settings

  • The method of OTP validation (OTP App = TOTP using Soft or Hard Token while Email/SMS = HOTP using Email or SMS
  • The expiry time for the QR Code on the server if OTP App is specified
  • The OTP Issuer Name.

Enable Two Factor Auth

On activation of 2FA from setup, it is also activated for the Role "All". In this way, all users including the Administrator have to perform a 2nd level authentication with a token. By unchecking the "Two Factor Authentication" checkbox in the "All" role and enabling it in other roles, the need to login with a token can be limited to specific roles. 2FA does not apply to login by Web Users and API login

Role Enable Two Factor Auth

If using SMS authentication, please make sure that your SMS settings are updated

SMS Settings

If using Email, make sure that your outgoing