Domain-Based 2FA in Drupal

Hello there!

Need Help? We are right here!

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Your Contact E-mail

What are you looking for

How can we help you?

Domain-Based 2FA in Drupal

Domain-Based 2FA allows you to enforce Two-Factor Authentication (2FA) for users based on their email domain.

This means users whose email addresses match specific domains (e.g., @company.com) will be required to complete 2FA, while others can log in normally.

This feature is available in the miniOrange Two-Factor Authentication (2FA / MFA) module and is compatible with Drupal 8, 9, 10, and 11.

Prerequisites
Before configuring Domain-Based 2FA, ensure the following:

The 2FA module is installed and enabled
Navigate to: /admin/config/people/miniorange_2fa/login_settings

Enable the following settings:

Activate Two-Factor Authentication
Enforce 2FA to End Users

Setup Domain-Based 2FA

Follow these steps to enable 2FA based on email domains:

Navigate to 2FA Policy for End Users tab
Go to: /admin/config/people/miniorange_2fa/login_settings
Scroll to the 2FA Restrictions section
Click on Domain Based Restriction tab
Enable: Enable Domain Based 2FA
Enter the domains in the input field (e.g., company.com)
Click on Save Settings

User Login Experience

Open a new browser or private window
Go to the Drupal login page
Enter user credentials

What happens next:

If the user’s email domain matches configured domains → 2FA is triggered
If the domain does not match → User logs in directly without 2FA

How It Works

The module checks the domain part of the user’s email address
Applies 2FA only if it matches the configured domain list