If you want to disable Second-Factor authentication then untick Enable the two factor plugin
Bypass Two Factor Administrator/Superuser:- If you enable this checkbox, Second-Factor authentication will not be invoked (or 2nd factor authentication is by-passed) for administrator/superuser during login.
Enforce 2 Factor registration for users at login time :- Invoke Inline Registration to set up the 2nd factor for users. If the second factor is not set up for the user trying to login, he will be asked to set up before login.
Skip Inline Registration to skip the 2nd factor for users :- If you enable this checkbox, the Skip 2FA button will be enabled for users during user Inline Registration.
Change/Re-configure 2FA methods
Enable if your users want to change the 2FA method:- If you want to allow your users to change or re-configure their configured 2FA methods, then enable it.
ROLE BASED 2FA :- If you want to allow only a specific role/group of users to set up the Two-Factor Authentication, then enable this checkbox and select appropriate 2fa methods.
2FA METHODS TO CONFIGURE IN INLINE REGISTRATION :- If you want to allow only specific 2FA methods to be configured by users while inline 2fa setup then enable this checkbox and select appropriate 2fa methods.
Note :- To use this feature make sure you have enabled the "ENFORCE 2 FACTOR REGISTRATION FOR USERS AT LOGIN TIME" feature.
BACKUP CODES :- Backup codes are one-time codes you can generate specifically for your Joomla users when users have enabled 2FA. So that users need the backup codes in case users want to login to Joomla website and cannot access the primary 2FA methods.
Note: These codes can see only Superuser who has the license key associated.
WHITELIST IP ADDRESSES :- We also provide an option in the plugin to whitelist an IP. We recommend you to whitelist your own IP address so that you never get blocked. When you whitelist an IP our Firewall will never block that IP, brute force protection will also not block requests coming from this IP address.
BLACKLIST IP ADDRESSES :-
IP blocking is a method for protecting your website from malicious attacks.
You can check out the reports tab in the plugin to check if any IP address has a suspicious number of failed login attempts to your Joomla login and block that IP using the IP blocking feature.
Our Miniorange Web Application Firewall provides you security from IP’s that try to make attacks on your website. The IP Blocking feature will help you in blocking specific IP’s that can cause harm to your Joomla site. For example – Some IP’s may be posting spam comments on your blogs or running unwanted scripts on your Joomla Site.
CUSTOMIZE KBA :-
KBA is a backup method which you can use. What happens if your phone is lost, discharged or not with you then you can use this method as a backup method. You can set of questions.
NOTE :- Add set of questions '?' separated. These Questions will be available for users to set KBA during 2FA Inline Registration.
PASSWORDLESS LOGIN (LOGIN WITH 2ND FACTOR ONLY) :-
Passwordless authentication is a process of verifying a user's authentication in Joomla without the use of a password.
Configure passwordless login to make login and registration simpler for your users. Users may utilize passwordless login to log in, sign up, and even register identity verification methods without memorizing usernames or passwords.
In this when users try to login (accessing) to the Joomla site. Users need to authenticate by username and password. But in this case users can login by using their 2nd factor login method.
If you want to enable passwordless login, then click on checkbox to enable passwordless login.