Question
Why does Plesk enforces me to use two-factor authentication (2FA)?
Is it possible to enforce two-factor authentication (2FA) for administrators, clients, and reseller users?
Answer
Multi-factor authentication (MFA) enhances account security by requiring multiple forms of verification before granting access. This layered approach makes it harder for unauthorized users to gain access, even if they have your password. By combining something you know (password) with something you have (phone), MFA significantly reduces the risk of account breaches and protects sensitive information from unauthorized access.
Starting with version 18.0.61, Plesk Obsidian allows for the enforcement of two-factor authentication (2FA) across different user roles, including administrators, clients, and resellers. This is achievable through the Multi-Factor Authentication (MFA) extension, which must be installed and configured within the Plesk panel to enable this feature.
-
Install Multi-Factor Authentication (MFA) extension
-
Enable 2 Factor Authentication:
a. Go to Extensions > Multi-Factor Authentication and activate the checkbox Enable Multi-factor Authentication
b. Scan the QR code with an MFA application (for example Google Authenticator App )
c. Enter verification code provided by the MFA app into Verification code section
d. Click Ok -
Enable enforce 2 Factor Authentication by adding the following to
panel.ini
[ext-mfa]
enforce = true
allowSkipEnforce = false
;learnMoreUrl = 'url to article'Note: Default values are
enforce = false
andallowSkipEnforce = false
-
enforce: When enforce is set to true, users will be forced to enable 2FA in login, not being able to continue with Plesk administration until complete the 2FA enable steps:
-
allowSkipEnforce: When allowSkipEnforce is set to true, the enforcement can be skipped by clicking Skip for now in the Note within the Warning message:
-
learnMoreUrl: This option could be included to modify the destination URL of the "Learn more about two-factor authentication" link in the warning message.
Insert the URL into cuotes as below:learnMoreUrl = 'https://example.com'
Or leave it commented out for default value
-
Comments
0 comments
Please sign in to leave a comment.