Moodle Plugins directory: Multi-factor authentication | Moodle.org
Multi-factor authentication
Brendan Heywood, 
Peter Burnett, NOTE: Moodle 4.3 (and higher) include this feature in the core release - you only need this plugin if you are using an older Moodle release.
This is a Moodle plugin which adds Multi-Factor authentication (MFA), also known as Two-factor authentication (2FA) on top of your existing chosen authentication plugins.
https://en.wikipedia.org/wiki/Multi-factor_authentication
Why another MFA plugin for Moodle?
There are other 2FA plugins for moodle such as:
https://moodle.org/plugins/auth_a2fa
This one is different because it is NOT a Moodle authentication plugin. It leverages new API's that Catalyst specifically implemented in Moodle Core to enable plugins to augment the login process instead of replacing it. This means that this MFA plugin can be added on top of any other authentication plugin resulting in a much cleaner architecture, and it means you can compose a solution that does everything you need instead of compromising by swapping out the entire login flow.
See this tracker and the dev docs for more info:
https://tracker.moodle.org/browse/MDL-66173
https://docs.moodle.org/dev/Login_callbacks
The other major difference is that we support multiple authentication factor types as sub plugins, eg IP Range, Email, TOTP, WebAuthn / FIDO2 and in future others such as SMS or hardware tokens or anything else as new sub-plugins. They can be flexible configured so that different combinations of factors are considered enough.
Flexible configuration
The MFA has multiple sub-plugins for each type of factor. Different factors can be combined and checked in a specific order. See the plugin readme for the full details:
https://github.com/catalyst/moodle-tool_mfa/#configuration
For more information, consult the readme:
https://github.com/catalyst/moodle-tool_mfa/
Warm thanks
Thanks to Swissbit for sponsoring the work to add WebAuthn / FIDO2 support to this plugin.
Screenshots
Contributors
@j. luis simon I recommend implementing this instead as a callback using $factor->post_pass_state() method, and override this method in the new factor class. It is invoked every time authentication passes, so you can use this to store the IP of the user, which can be used in comparison at next lookup. I would be really careful with IP in general, there are many many conditions that can make IP change between requests (proxy, ISP etc)
@Peter Kelly Currently there is no way to override this by default, however you could change the language strings in a custom language pack, or override it in your site theme.
@Hanspeter Rutschmann The table lives here /admin/settings.php?section=managemfa
It looks like user filtering factors is what you need. You can target your admins / teachers by their auth type, roles, capabilities. Please refer to plugin docs: https://github.com/catalyst/moodle-tool_mfa#user-filtering-factors
Kind regards,
Mikhail
The only thing that I found a bit puzzling in the start was parts of the documentation.
1. Do NOT enter any settings in the configuration dialog when installing. You are not logged inn yet and you may lock yourself out. (This is written at the bottom of the README on git hub).
2. To access the configuration dialog, go to "System administration", tab "Plugins", section "Admin tools", item "Multi-factor authentication".
3. The user's QR code is found under the user's profile (icon on top right of Moodle window), "Preferences", "Multi-factor authentication preferences"
That's it.
Everything else works like a charm. Good help texts for the users. Works very well. Highly recommended.
Is it possible to make your plugin work with microsoft's Authenticator app?
Kind regards
Yes the application works with Microsoft authenticator, in TOTP mode via a QR code.
Its not currently tenancy aware. We have had some passing interest in getting it there, but we haven't had a sponsor or the time to put towards it currently.
Coding error detected, it must be fixed by a programmer: page layout file [dirroot]/theme/edumy/layout/columns2.php does not contain the main content placeholder, please include "<?php echo $OUTPUT->main_content() ?>" in theme layout file.
I'm not entire surely how to fix this problem. I have already tried suggestion above and also raised support ticket with Edumy but they have been very unresponsive. I desperately need to fix this as have a client using this Edumy theme with MFA plugin but it does not work at all properly at the moment because of this error.
The MFA plugin works perfectly fine with BOOST theme so I'm guessing the Edumy theme is causing this weird issue with this MFA plugin.
Any suggestions would be greatly appreciated.
I am not overly keen on working around a very broken community theme unfortunately, as to do so would likely worsen support for other themes.
I want to use the atutenticator app only, the authenticator app and the grace period is enabled, and I have the message to setup the app.
In this screen I can put the Device Label, scan the QR Code in Twilio, Microsoft Authenticator or google authentichator, I and a config the service in cell phone.
But when I try to put the verification code for confirmation, I have the message of incorrect verification code, and i can't save the configuration to finish.
What can be the issue?