Guides & TutorialsSecurityTwo Factor Authentication Activating and Using Two Factor Authentication for Admin Users

Activating and Using Two Factor Authentication for Admin Users


To activate Two-Factor Authentication for a WHMCS installation, follow the steps below:


1. Login to your WHMCS Administration Area

2. Navigate to Setup > Staff Management > Two-Factor Authentication

3.  Click the Activate button under the service that you would like to enable. For example Time Based Tokens:

Activate Two-Factor Authentication

4. Select one or both of the Enable for use by Clients and Enable for use by Administrative Users options:

Enable for Clients or Admins

5. Click the Save button

These steps can be repeated for each service that you would like to enable.

Some extra steps are required to configure the DuoSecurity and YubiKey methods. Details are in our documentation:


Now administrator users can start using two factor authentication for their accounts.


The following steps demonstrate how Admin Users can setup Two-Factor Authentication on their account using the Time Based Tokens service:


1. From the Admin Area, navigate to the My Account page

Click My Account

2. Toggle the Two-Factor Authentication setting to On

Toggle Two-Factor Authentication On

3. Select the Time Based Tokens service

4. Click the Get Started button

Select the Two Factor Auth Service

5. Scan the QR code with an authenticator app such as Google Authenticator or Duo Mobile

6. Enter in the 6-digit code that the authenticator app generates

Scan the QR Code with your app and enter the authentication code

7. Click on the Submit button

8.  Record the Backup Code in a safe place

9. Click the Close button

Take a note of the Backup Code

Two Factor Authentication is now set up for this administrator, and will be required when they login in future.

Staff can also be forced to configure Two Factor Authentication on their next login.