Multi-factor authentication

Admin tools ::: tool_mfa
Maintained by Catalyst IT, Brendan Heywood, Peter Burnett, Mikhail Golenkov
This is a Moodle plugin which adds Multi-Factor authentication (MFA), also known as Two-factor authentication (2FA) on top of your existing chosen authentication plugins.
Latest release:
512 sites
14 fans
Current versions available: 1

This is a Moodle plugin which adds Multi-Factor authentication (MFA), also known as Two-factor authentication (2FA) on top of your existing chosen authentication plugins.

Why another MFA plugin for Moodle?

There are other 2FA plugins for moodle such as:

This one is different because it is NOT a Moodle authentication plugin. It leverages new API's that Catalyst specifically implemented in Moodle Core to enable plugins to augment the login process instead of replacing it. This means that this MFA plugin can be added on top of any other authentication plugin resulting in a much cleaner architecture, and it means you can compose a solution that does everything you need instead of compromising by swapping out the entire login flow.

See this tracker and the dev docs for more info:

The other major difference is that we support multiple authentication factor types as sub plugins, eg IP Range, Email, TOPT and in future others such as SMS or hardware tokens or anything else as new sub-plugins. They can be flexible configured so that different combinations of factors are considered enough.

Flexible Configuration

The MFA has multiple sub-plugins for each type of factor. Different factors can be combined and checked in a specific order. See the plugin readme for the full details:

For more information, consult the readme:


Screenshot #0
Screenshot #1
Screenshot #2
Screenshot #3
Screenshot #4
Screenshot #5


Catalyst IT (Lead maintainer)
Brendan Heywood: Solutions Architect
Peter Burnett: Developer
Mikhail Golenkov: Developer
Please login to view contributors details and/or to contact them

Comments RSS

Show comments
  • Fri, Jul 9, 2021, 6:48 AM
    Hi Timm, the intended way to solve this issue is to use the gracemode factor. It allows you to set a configurable period during which users are able to setup another factor for use, such as TOTP or SMS. Simply enable it, and it will allow new users to pass MFA, and prompt them to setup a factor for use.
  • Wed, Jul 14, 2021, 3:08 PM
    First I would like to thank you for this plugin.
    I tried to use the plugin with a commercial theme called Edumy but I got the below error, So I contacted the theme support and they replied as below.
    Any idea how can I fix this, or is there a new release of the plugin that will solve this issue?

    Coding error detected, it must be fixed by a programmer: page layout file [dirroot]/theme/edumy/layout/ccn_minimal.php does not contain the main content placeholder, please include "<?php echo $OUTPUT->main_content() ?>" in the theme layout file.

    Theme Support Response:
    "Edumy already does include all required functions for the main content area on the page. It appears that the plugin is using an outdated method of printing content into the body area.
    Hope this helps to clarify!"
  • Wed, Jul 14, 2021, 3:56 PM
    it looks like updating to the version in Github fixed the issue for the login as it is recent than the one here in Moodle plugins; but in the user preferences admin/tool/mfa/user_preferences.php the issue still exists and gives the error below

    Coding error detected, it must be fixed by a programmer: page layout file [dirroot]/theme/edumy/layout/columns2.php does not contain the main content placeholder, please include "<?php echo $OUTPUT->main_content() ?>" in theme layout file.
  • Fri, Jul 30, 2021, 8:47 PM
    I have a question about the "Role factor". Is it possible to force several roles like teachers and admins to use TOTP as authentication method and make it optional for students?
  • Wed, Sep 8, 2021, 9:45 PM
    Will there be a new version published here of the tool_mfa plugin? The version on Github is more recent than the latest version on this page.
  • Wed, Jan 12, 2022, 9:54 PM
    Hi guys,

    We have built a custom theme for Moodle for a customer and are using this plugin in concert with that. It as been working very well so far.

    However, due to our own custom theme and the upcoming 2022/2023 Moodle 4.0 changes to the theme, we are trying to anticipate any extra work we'll have to charge due to this update.

    Because it seemed wise to take the plugins we use into account as well, I'd like to ask you wether they anticipate any trouble with the upcoming Moodle version in the context of this plugin? How fast can we expect an update? Anything we can do ourselves?

    We know it's fairly early, but this client is a very big and bureaucratic one, and any and all information will be useful to us.

    I also thought it might be good to start a general Moodle 4.0 megathread for the (undoubtedly volumous) questions that will appear.
  • Mon, Jan 17, 2022, 8:10 PM
    Hi folks quick-fire question has this been tested with M3.10 / M3.11? Cheers!
  • Tue, Jan 18, 2022, 6:00 AM
    Hi Chris. This plugin shouldn't have any issues running on M3.10 or 3.11. Our integration CI runs on those versions and all tests are passing, and we are not aware of any breaking API changes in those versions.
  • Tue, Jan 18, 2022, 6:02 AM
    Hi Peter, Similar to the above comment, we do not anticipate many issues with 4.0 and this plugin, as the core API's have not yet had any breaking changes to cause issues in the plugin, so at this point any work needed should be minimal if any.
  • Fri, Jan 28, 2022, 3:33 AM
    Hi Guys, I enable email factor for admin and I did not receive a code in my email. Now I cant login my admin account. Please help me..
  • Fri, Jan 28, 2022, 6:33 AM
    Hi Razi, can you please move this discussion over to the github issue board for the plugin, so we can more easily help you.
  • Fri, Jan 28, 2022, 2:18 PM
    Noted Peter, Thanks!!
  • Thu, Mar 10, 2022, 2:56 PM
    Hi all, this is a great plugin that we wanted to try with SMS and I saw on the documentation that there is the SMS factor. However when I tried to install it there is no SMS Factor settings at all. Is there something I'm missing? I only got these factors when I installed : factor_admin, factor_auth, factor_email, factor_grace, factor_iprange, factor_nosetup, factor_secq, factor_totp.

  • Thu, Mar 10, 2022, 4:29 PM
    Hi Ey Marieb. It seems like the plugin package hasn't been updated here for a while. Please refer to for the latest plugin version. Cheers.
1 2 3
Please login to post comments