Role-Based 2FA

Hello there!

Need Help? We are right here!

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Your Contact E-mail

What are you looking for

How can we help you?

Role-Based 2FA in Drupal

Role-Based 2FA allows you to enforce Two-Factor Authentication (2FA) only for specific user roles instead of all users.
This is useful when you want to:

Apply stricter security for Admin or privileged roles
Allow normal users to log in using basic authentication (username + password)
Maintain a balance between security and user convenience
The feature is available in the miniOrange Two-Factor Authentication (2FA / MFA) module and is compatible with Drupal 8, 9, 10, and 11.

Prerequisites

Before configuring Role-Based 2FA, ensure the following:

The 2FA module is installed and enabled
Navigate to: /admin/config/people/miniorange_2fa/login_settings

Enable the following settings:

- Activate Two-Factor Authentication
- Enforce 2FA to End Users

Setup Role-Based 2FA

Follow these steps to enable 2FA for specific roles:

Navigate to 2FA Policy for End Users tab
Scroll to the 2FA Restrictions section
Click on the Role-Based Restriction tab
Enable: Enable Role Based 2FA
Select the roles for which you want to enforce 2FA (e.g., Admin)
You can select 2fa methods for that specific user
Click on Save Settings

User Login Experience

Open a new browser or private window
Go to your Drupal site login page
Log in with a user assigned to a role where 2FA is enabled
After entering credentials:
2FA verification will be triggered
Complete authentication and click on Verify
On success → User is logged in

How It Works

Users with selected roles → Required to complete 2FA
Users without those roles → Can log in using only username & password