Setup Two Factor Authentication for ERPNext
Activate two factor authentication by running the command.
- bench --site [sitename] set-config enable_two_factor_auth true
Specify the following in System Settings
- The method of OTP validation (OTP App = TOTP using Soft or Hard Token while Email/SMS = HOTP using Email or SMS
- The expiry time for the QR Code on the server if OTP App is specified
- The OTP Issuer Name.
On activation of 2FA from setup, it is also activated for the Role "All". In this way, all users including the Administrator have to perform a 2nd level authentication with a token. By unchecking the "Two Factor Authentication" checkbox in the "All" role and enabling it in other roles, the need to login with a token can be limited to specific roles.
- 2FA does not apply to login by Web Users and API login
Disable Two Factor Authentication for ERPNext
Disable ERPNext and Frappe two factor authentication by running the command.
- bench --site sitename execute frappe.twofactor.disable
Previous article I show you how to enable and disable two factor authentication for ERPNext system and Frappe Framework. If you need Help to config Erpnext two Factor Authentication, please contact me.