To activate Two-Factor Authentication for a WHMCS installation, follow the steps below:

1. Login to your WHMCS Administration Area

2. Navigate to Setup > Staff Management > Two-Factor Authentication

3.  Click the Activate button under the service that you would like to enable. For example Time Based Tokens:

4. Select one or both of the Enable for use by Clients and Enable for use by Administrative Users options:

5. Click the Save button

These steps can be repeated for each service that you would like to enable.

Some extra steps are required to configure the DuoSecurity and YubiKey methods. Details are in our documentation: https://docs.whmcs.com/Two-Factor_Authentication#DuoSecurity

Now administrator users can start using two factor authentication for their accounts.

The following steps demonstrate how Admin Users can setup Two-Factor Authentication on their account using the Time Based Tokens service:

1. From the Admin Area, navigate to the My Account page

2. Toggle the Two-Factor Authentication setting to On

3. Select the Time Based Tokens service

4. Click the Get Started button

5. Scan the QR code with an authenticator app such as Google Authenticator or Duo Mobile

6. Enter in the 6-digit code that the authenticator app generates

7. Click on the Submit button

8.  Record the Backup Code in a safe place

9. Click the Close button

Two Factor Authentication is now set up for this administrator, and will be required when they login in future.

Staff can also be forced to configure Two Factor Authentication on their next login.