Multi-factor authentication

Administration tool ::: tool_mfa
Maintained by Catalyst IT, Brendan Heywood, Peter Burnett, Mikhail Golenkov
This is a Moodle plugin which adds Multi-Factor authentication (MFA), also known as Two-factor authentication (2FA) on top of your existing chosen authentication plugins. https://en.wikipedia.org/wiki/Multi-factor_authentication
Latest release:
1163 sites
947 downloads
38 fans
Current versions available: 2

This is a Moodle plugin which adds Multi-Factor authentication (MFA), also known as Two-factor authentication (2FA) on top of your existing chosen authentication plugins.

https://en.wikipedia.org/wiki/Multi-factor_authentication

Why another MFA plugin for Moodle?

There are other 2FA plugins for moodle such as:

https://moodle.org/plugins/auth_a2fa

This one is different because it is NOT a Moodle authentication plugin. It leverages new API's that Catalyst specifically implemented in Moodle Core to enable plugins to augment the login process instead of replacing it. This means that this MFA plugin can be added on top of any other authentication plugin resulting in a much cleaner architecture, and it means you can compose a solution that does everything you need instead of compromising by swapping out the entire login flow.

See this tracker and the dev docs for more info:

https://tracker.moodle.org/browse/MDL-66173

https://docs.moodle.org/dev/Login_callbacks

The other major difference is that we support multiple authentication factor types as sub plugins, eg IP Range, Email, TOTP, WebAuthn / FIDO2 and in future others such as SMS or hardware tokens or anything else as new sub-plugins. They can be flexible configured so that different combinations of factors are considered enough.

Flexible configuration

The MFA has multiple sub-plugins for each type of factor. Different factors can be combined and checked in a specific order. See the plugin readme for the full details:

https://github.com/catalyst/moodle-tool_mfa/#configuration

For more information, consult the readme:

https://github.com/catalyst/moodle-tool_mfa/

Warm thanks

Thanks to Swissbit for sponsoring the work to add WebAuthn / FIDO2 support to this plugin.

Screenshots

Screenshot #0
Screenshot #1
Screenshot #2
Screenshot #3
Screenshot #4
Screenshot #5

Contributors

Catalyst IT (Lead maintainer)
Brendan Heywood: Solutions Architect
Peter Burnett: Developer
Mikhail Golenkov: Developer
Please login to view contributors details and/or to contact them

Comments RSS

აჩვენე კომენტარები
  • Peter Burnett
    სამ, მაი 16 2023, 6:17 PM
    @Titus

    Its not currently tenancy aware. We have had some passing interest in getting it there, but we haven't had a sponsor or the time to put towards it currently.
  • Jarratt Holliday
    სამ, ივლ 18 2023, 8:01 AM
    Hi, I'm using the latest MFA_plugin version with Moodle 4.1.3 and the Edumy theme but when go to the Account Profile > Preferences < Multi-factor authentication preferences for MFA with this Edumy theme running it displays this error:

    Coding error detected, it must be fixed by a programmer: page layout file [dirroot]/theme/edumy/layout/columns2.php does not contain the main content placeholder, please include "<?php echo $OUTPUT->main_content() ?>" in theme layout file.

    I'm not entire surely how to fix this problem. I have already tried suggestion above and also raised support ticket with Edumy but they have been very unresponsive. I desperately need to fix this as have a client using this Edumy theme with MFA plugin but it does not work at all properly at the moment because of this error.

    The MFA plugin works perfectly fine with BOOST theme so I'm guessing the Edumy theme is causing this weird issue with this MFA plugin.

    Any suggestions would be greatly appreciated.
  • Peter Burnett
    სამ, აგვ 15 2023, 4:02 PM
    Hi @Jarrat Holiday. I think this is something I have heard before from other users of the plugin. This is a bug with Edumy, and its not something that can be easily remedied on the MFA side. MFA is simply calling a code path that exposes the error, but the error message is deeper and emitted from core from what I understand, I believe it happens when attempting to emit javascript.
    I am not overly keen on working around a very broken community theme unfortunately, as to do so would likely worsen support for other themes.
  • Tomas Torres
    ხუთ, აგვ 17 2023, 9:08 PM
    Hi Peter:
    I want to use the atutenticator app only, the authenticator app and the grace period is enabled, and I have the message to setup the app.
    In this screen I can put the Device Label, scan the QR Code in Twilio, Microsoft Authenticator or google authentichator, I and a config the service in cell phone.
    But when I try to put the verification code for confirmation, I have the message of incorrect verification code, and i can't save the configuration to finish.
    What can be the issue?
  • Peter Burnett
    პარ, აგვ 18 2023, 6:14 AM
    Hi Tomas, This sounds like clock drift on either the server or the device being used to generate the TOTP code. The generation algorithm is time based, and by default only allows for a clock skew of up to 30 seconds. This window can be widened in the factor_totp settings, however it is worth ensuring both the Moodle server and the mobile device are set to use network time, which should ensure they dont drift from a central time source.
  • Tomas Torres
    პარ, აგვ 18 2023, 12:04 PM
    Hi Peter, thanks a lot, is working now after ntp service configuration.
  • Stefan Biehl
    ხუთ, სექ 7 2023, 1:35 AM
    Hi, how can I extend the grace period if it passed and some users can't login anymore?
  • Peter Kelly
    სამ, სექ 19 2023, 9:30 AM
    Hi, I'm running into an issue, I have these MFA's in order) TOTP app 100, EMail 100, Grace Period 100. Email works fine, Grace period seems to be working fine, I am not getting any TOPT setup options in the user profile settings. Preferences
    User account
    Edit profile
    Change password
    Preferred language
    Forum preferences
    Editor preferences
    Calendar preferences
    Content bank preferences
    Message preferences
    Notification preferences. Any ideas on how to proceed.? Nothing jumps at me in the log files.
  • serge-fabien woi
    ხუთ, ოქტ 5 2023, 2:29 AM
    Good evening, I'm a Moodle student and I'd like to know if you can help me install the MFA plugin because on the link https://github.com/catalyst/moodle-tool_mfa/ it's really complicated for me to install and configure it. I use Moodle 4 and the eguru theme.
  • Zoran Jančić
    ორშ, ოქტ 9 2023, 9:21 PM
    We are using this plugin on our Moodle 4.2. IT says Moodle 4.3 has MFA in the core, but there are no instructions about migrating existing data from MFA plugin to MFA core. Will upgrade scripts automatically do it or there are some additional steps required?
  • Peter Burnett
    სამ, ოქტ 10 2023, 6:46 AM
    Hi Zoran, no migration should be required, it is the exact same plugin within core, Moodle HQ have adopted the existing plugin, so no additional work or config should be required.
  • Michael O'Callaghan
    ხუთ, თებ 8 2024, 1:16 AM
    Hi, Thanks for a fantastic plugin. I'm just wondering if its possible to modify/customize the email that is sent by the MFA plugin?
  • heli g
    ორშ, თებ 26 2024, 3:10 PM
    Please can you update the version in the Moodle plugins directory. We have encountered what looks like this bug: Using email MFA behind VPN with private-range IP addresses results in exception https://github.com/catalyst/moodle-tool_mfa/issues/444
    Thank you
  • Ezzeddin Hamed
    ოთხ, მაი 22 2024, 4:34 PM
    A wonderful addition to Moodle, I like it very much.

    I am trying to customize email messages using email factor, I found the customization in the language file factor_email.php, but could not find anything about the logo which I want to completely remove.

    In the language files, I could not find anything related. Is it hard coded? If so, which appears to be, would you guide me where? In which file?

    Thanks a lot,
  • Ezzeddin Hamed
    ხუთ, მაი 23 2024, 5:46 AM
    I reached it and modified the related mustache file.

    On the other hand, I am trying to reset authentication factors for a user, I applied all factors that are active, but the user still logs in without new factor enforcement.

    Should I consider this as a bug? I am using Moodle 4.3.3.
1 2 3 4 5
Please login to post comments