Plesk
kb: how-to
ABT: Group B
Applicable to:
- Plesk
Question
Is it possible to configure multi-factor authentication to access Plesk?
Answer
- Yes, it is possible to configure multi-factor authentication: Authentication Schemes In Plesk – Just Say No To Passwords
- Please note that multi-factor authentication measure is intended only for Plesk web interface. It does not apply to API or Plesk Mobile App. Since mobile application uses XML-RPC API requests to communicate with Plesk server you can enhance security by disabling API at all or limiting it to specific IP addresses using article How to restrict Plesk XML API?
Comments
3 comments
Could you please update this article, mentioning that multi-factor authentication only applies to the web interface, and not to the REST API + Plesk Mobile App? Thanks in advance :)
@Dennis Am
Thank you for noticing! The article was updated.
MFA is not supported on mobile, ability to add this we consider as a feature request. But since MFA is not supported we do confirm as a bug the fact that MFA screen shown at all, it should be disabled. Request ID to hide it is PMBL-562.
Mobile application uses XML-RPC API requests to communicate with Plesk server. If you want to enhance security you may either disable API at all or limit it to specific IP addresses. To do so, add the following entries to the panel.ini file.
[api]
enabled = off
To allow connections via XML API only from specific IP addresses:
[api]
allowedIPs = 203.0.113.2,192.0.2.2
Please sign in to leave a comment.