Multi-factor authentication (MFA) for Site Administrators
  • 28 Nov 2023
  • 2 minutes to read

Multi-factor authentication (MFA) for Site Administrators

Article Summary

Multi-factor authentication (MFA) is a multi-step login process that helps to protect your Totara Site Administrator account by adding an extra layer of security. Totara's MFA requires you to use an authenticator app in addition to your password to access your account.

By combining an authenticator app with the password system, MFA makes it harder for someone to access your account and compromise your Totara site, even if they are able to obtain or guess your password. This helps to keep your site, as well as your users' personal information, safe.

See the MFA developer documentation for more information.

Enable MFA

To enable MFA for Site Administrators on your site, follow these steps:

  1. Go to Quick-access menu > Plugins > Multi-factor authentication > Manage multi-factor authentication.
  2. Click the closed eye icon (eye_close) next to Authenticator app.
  3. The eye icon should now appear open (eye_open), indicating that the Authenticator app is enabled.

Set up MFA for your account

As a Site Administrator, you can then configure MFA for your account by following these steps:

  1. Go to User menu (your name in the top-right corner) > Preferences > Manage multi-factor authentication.
  2. Click Add factor.
  3. Select Authenticator app.
  4. If you don't have one already, download an authenticator app (such as Google Authenticator). Open the app on your mobile device and scan the QR code displayed in Totara. Alternatively you can manually enter the code.
  5. In Totara, enter the six-digit code provided by the authenticator app.
  6. Click Save.

 Log in with MFA enabled

Once you have set up MFA for your account, you can log in by following these steps:

  1. Go to your Totara site.
  2. Enter your Username and Password.
  3. Click Login.
  4. Enter the six-digit code from the authenticator app, then click Verify.
  5. You should now be logged in to your Site Administrator account.

Multi-factor authentication notifications

You can configure notifications for trigger events related to multi-factor authentication, and add placeholders to those notifications.

By default there are notifications sent to a user when an MFA factor for their account is created or deleted.

Restoring access to an account with MFA

In the event that you are locked out of your Site Administrator account with MFA enabled (e.g. because you have lost the device with the authenticator app), another Site Administrator can revoke your registered MFA factor on the Manage user login page. To perform this action, the logged-in user needs to have the moodle/user:managelogin capability.

  1. Go to Quick-access menu > Users and browse for the admin user whose MFA you need to revoke.
  2. Click on the user's name to go to their profile.
  3. Click Manage user login.
  4. Under the Action heading, select Reset MFA.
  5. Click Update to revoke the admin user's registered MFA factor.

Following this action, the user will need to complete the MFA registration process again.

A developer can also do this on your behalf using CLI. Please see the developer documentation for more information on how to do this.

C010 - Site-level user management(1)The Totara Academy has a whole course dedicated to Site-level user management in Totara. Here you can learn more about user management, see best practice, and give it a go yourself.

© Copyright 2024 Totara Learning Solutions. All rights reserved.

Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.