Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
Is it possible to configure multi-factor authentication to access Plesk?
Answer
The two-factor authentication scheme is facilitated by the Google Authenticator extension.
Note: MFA will be enabled both for Plesk Admin and the customers' accounts.
It is required to install the Google Authenticator application on your smartphone. Afterward, install the extension in Plesk and enable it. To configure the extension, first, scan the QR code with your smartphone:
When you try logging into the panel, you will be prompted for a verification code. Refer to the Google Authenticator application you have installed on your phone to obtain the code.
Please note that the multi-factor authentication measure is intended only for the Plesk web interface. It does not apply to API or Plesk Mobile App. Since the mobile application uses XML-RPC API requests to communicate with the Plesk server you can enhance security by disabling API at all or limiting it to specific IP addresses using the article How to restrict Plesk XML API?
Comments
9 comments
Could you please update this article, mentioning that multi-factor authentication only applies to the web interface, and not to the REST API + Plesk Mobile App? Thanks in advance :)
@Dennis Am
Thank you for noticing! The article was updated.
MFA is not supported on mobile, ability to add this we consider as a feature request. But since MFA is not supported we do confirm as a bug the fact that MFA screen shown at all, it should be disabled. Request ID to hide it is PMBL-562.
Mobile application uses XML-RPC API requests to communicate with Plesk server. If you want to enhance security you may either disable API at all or limit it to specific IP addresses. To do so, add the following entries to the panel.ini file.
[api]
enabled = off
To allow connections via XML API only from specific IP addresses:
[api]
allowedIPs = 203.0.113.2,192.0.2.2
How do we enable this just for the Admin account on plesk and not for customer access?
With the Plesk Web Admin version it works for the admin but for other users if they login normally and than push the button Google Authenticator they get an Error: Error: Permission denied.
So how to enable 2FA on a Web Admin edition not only to the admin user?
Hello Shawn Carron,
When Google Authenticator is used MFA will be enabled both for Plesk Admin and the customers' accounts. This is how the extension was developed.
I've added a note to the article to avoid any confusion in the future.
Hello @Chris Mayer,
On Web Admin, there are no customers, only Plesk Admin. By the other users, I suppose you mean the additional users in the left sidebar. Google Authenticator is not supposed to work with such users - they can still log in to Plesk as usual. These users have limited rights, so there is nothing to worry about.
I enabled Google Authenticator on Plesk Web Pro Edition, there are Customers and only the Plesk Admin have Google Authenticator feature available.
To enable it on the Customers, login as a Customer, on the Search bar, type Google Authenticator.
Please sign in to leave a comment.