- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've installed Magento many times, but this is the first time I've done a fresh installation using 2.4. Am I correct in this:
- Two Factor Authentication cannot be turned off in 2.4. Which is OK by me.
- I used the command line instructions from here to specify google auth.
- I followed the commands for generating base32 secret for the admin pass specified on the command line install (composer), and stuck it in the .credentials file.
- So how am I supposed to do a first time admin login on a fresh 2.4 installation if it doesn't have outbound email set up (to send directions for google auth, I presume), if I have to log into the admin interface to set up the outbound email?
Perhaps I'm not understanding something correctly. Perhaps the documentation needs improvement. Any help appreciated.
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just added to my own thread to show its resolution...
- Fortunately I remembered the "from" store addresses are in env.php, so I edited that and updated using the bin/magento commands.
- As mentioned I had previously installed sendmail
- Since I have administrative access to my mail server, I enabled the store's host network as a trusted network.
- This then allowed the QR code to reach me so that I had access.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: 2.4 Fresh Install Admin Account with Two Factor Authentication - first time login
Answering my own question... I found this page with instructions for disabling 2 factor authentications (though I shall put it back on later, no doubt, after setting up outbound email). One of the pages, or a prompt I had previously seen stated flat out that TFA could not be disabled in 2.4. So I guess I ought not to believe everything I read.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: 2.4 Fresh Install Admin Account with Two Factor Authentication - first time login
One more addition to this thread... upon entry to the admin gui, after having disabled the two factor authentication entirely, most of the controls in the admin gui are disabled... in all scopes. Now, that may be due to the note that I referenced previously (from the 2.4 release note):
Two-factor authentication (2FA) is now required for the Magento Admin. Admin users must first configure their 2FA before logging into the Admin through either the UI or a web API. 2FA is enabled by default and cannot be disabled.
If indeed it is the case that these controls are disabled if 2FA has been globally disabled, that needs to be documented. The note about logging into the UI to set up 2FA is also an impossible task for a new install without having previously used the command line. And my note above regarding setting up the mail server (which is currently a set of disabled controls) still stands. Although I set up sendmail on the server, and am able to send a mail from bash, Magento cannot use it.
I've often thought of myself as a paranoid network administrator, and set any security related items to a very high enough extent that my users sometimes complain; but I don't set security to the point where I lock myself out.
Not sure how I shall proceed. I'm thinking of wiping 2.4, installing 2.3, get email and security set up the way I want, and then upgrading. But if anyone has any suggestions, I'd love to hear them.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just added to my own thread to show its resolution...
- Fortunately I remembered the "from" store addresses are in env.php, so I edited that and updated using the bin/magento commands.
- As mentioned I had previously installed sendmail
- Since I have administrative access to my mail server, I enabled the store's host network as a trusted network.
- This then allowed the QR code to reach me so that I had access.