Key Features & Configurations

Let’s walk through the Login Settings tab of the module which holds all the major configurations and features of the module.

Enable Two-Factor module

You can enable/disable 2FA for all the users with this checkbox. If the checkbox is unchecked, users can log in into the Drupal site with basic authentication (username and password).

Invoke Inline Registration to setup 2nd factor for users

Wondering how will the end users select and configure their 2FA method? You will have to enable this checkbox to allow the end users to configure their second-factor authentication on the first login attempt. Please refer to the guide here to see how it works.
What if the users want to change/reconfigure the 2FA method on subsequent login? What if the users do not have access to the one-time passcode required for the second factor of authentication?

  • Change/Re-configure 2FA methods -
    The admins can allow users to reconfigure their 2FA method after the first login attempt. The users will have to navigate to the 2FA configurations tab under the user profile section and click on Reconfigure button. Upon changing the configured 2FA method, the current session will be destroyed, and the user will be logged out. He/she will have to re-login and go through the new inline registration process to configure the new 2FA method.
  • Security questions (KBA) as backup 2FA -
    The admin has sole control to allow users to configure/use a backup 2FA method to ensure the users are not locked out of the site. Configured 2FA method Security Questions (If configured) OTP over Email.

Allow specific 2FA methods to configure in inline registration

With this feature, you can narrow down the list of allowed 2FA methods for the users in the inline registration.
You can enable the master checkbox and then uncheck all the 2FA methods that you do not wish to allow.
The module provides multiple criteria to filter invoking 2FA for the users.

Role-based 2FA

This feature allows you to enforce 2FA for the users on the Drupal site based on their roles. You can refer to the guide here to see how 2FA is invoked for the selected user roles and the other users can access the site only with basic authentication.

Domain-based 2FA

If you want to secure user identities based on the domain of the users, this feature got your back. The 2FA will be invoked for the specified domains in the configuration and other users will be allowed to access the site only with basic authentication.

Whitelist IP addresses

If you whitelist the IPs then second-factor authentication will not be invoked for those IPs.

Passwordless Login

By enabling this feature, you can allow users to skip basic authentication with a password and login to the site solely with configured 2FA method. Refer to the guide here to see how it works.

Backdoor URL

This feature is the saviour in case you are locked out of your Drupal site. The backdoor URL allows an admin user to log in to the Drupal site without a second factor of authentication.

OPT-in and OPT-out options

The user will have the choice to enable or disable 2FA in their profile once this functionality is enabled. Additionally, users have the option to skip inline registration.