Payload is joining Figma!Read the announcement
Simplify your stack and build anything. Or everything.
Schedule a Demo
USE CASES
Headless CMSEnterprise App BuilderHeadless E-CommerceDigital Asset Management
FEATURES
Multi-TenancyWhite LabelLocalizationAccess ControlAuth
CASE STUDIES

See what others are building with Payload.

Browse Case Studies
Build tomorrow’s web with a modern solution you truly own.
PAYLOAD IS FOR
DevelopersMarketing teamsEnterprise companiesAgencies & Consultancies
COMPARE PAYLOAD
Payload vs WordPressPayload vs ContentfulPayload vs SanityPayload vs StrapiPayload vs Directus
AGENCY TESTIMONIAL

"Payload has transformed the way our clients manage content. It's an indispensable tool for any modern agency."

Become a PartnerFind a Partner
Code-based nature means you can build on top of it to power anything.
Resources
DocumentationExamplesTemplatesGitHubReleasesBlogGuides & Tutorials
Community
RoadmapDiscordCommunity Help
Resources for Developers

Get the resources you need to start building today

Guides & TutorialsExplore Docs
It’s time to take back your content infrastructure.
Schedule a Demo
Enterprise Features
SSOAI Auto-EmbeddingPublishing WorkflowsVisual EditorStatic A/B testingAI features
Customer Stories
MicrosoftASICSBlue OriginHello BelloTekton
Featured Customer Story

Microsoft chose Payload to tell the world about AI.

Read the case studyBrowse all
LoginGet Started
Community Help

2FA

default discord avatar
christopher.nowlan8 months ago
7

Is there a way to set up 2FA for logging into Payload?



A plugin would be great

  • default discord avatar
    kaspartr2 years ago

    Yes, PayloadCMS uses PasswordJS authentication strategies.


    https://payloadcms.com/docs/authentication/config#strategies

    Though I haven't manage to get Google Authenticator app working yet. Need more time with that. If anybody has successfully implemented a Google Auth for MFA login and is willing to share the code, much appreciated. 🙏

  • default discord avatar
    paulpopus2 years ago

    that's something on my list of plugins to make



    maybe I can hack something together early next week if nobody else gets to it before me



    you would use the prelogin hooks and a few custom routes to setup 2FA with speakeasy



    it's a tough one, I don't think an additional strategy is the ideal solution here but im still doing research



    its not as simple as i thought initially 😅



    maybe but in v3 we dont use passport anymore, its a self rolled solution

  • default discord avatar
    captken.2 years ago

    I second that - thanks

    @858693520012476436
  • default discord avatar
    aaronksaunderslast year

    any update on this? I am ready to move forward with Payload on a new project, but after reviewing the requirements, I see I need 2FA.



    We rolled our own solution

  • default discord avatar
    zawojlast year
    @923397761045512202

    @858693520012476436

    any update?



    So it has been done successfully ? Do you have any tip or code ?



    I tried to implement this, but the problem is with the webpack. I literally spent a couple of hours troubleshooting the missing settings and once I did everything, the login page wouldn't load at all.



    And there is still the question of where to pass the code from 2fa



    I did it, tomorrow we're doing tests. If everything goes well, I'll publish somewhere how to do it.



    Yes soon will sory about delay but I will can publish after project finish. It schould be this week



    Recorded, must now edit



    I made it, it's my first YouTube video so forgive me if it's not the best quality but I wanted to share it already and not edit it endlessly

    https://www.youtube.com/watch?v=Tpqt_q7KWPQ
  • default discord avatar
    notchrlast year

    Hmm



    So since Payload uses passport, I wonder if the passport 2fa plugin could work



    I'm not sure how the auth flow is



    Otherwise, I could see a system where there is a property set on an auth collection that controls the 2fa auth state and token. You would need a hook for after Login and a custom access control role, but I think it would be possible.



    @858693520012476436

    could something like this work maybe?

    https://www.passportjs.org/packages/passport-2fa-totp/
  • default discord avatar
    jakeholcrlast year

    Any update on this?



    Great thank you sir 🎉

Open

Continue the discussion in Discord

Star on GitHub

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get dedicated engineering support directly from the Payload team.