Two-Factor Authentication configuration

[MindServer]

Hi,

You recommend me enable "Two-Factor Authentication" tool in WHM/cPanel or can generate access problems?.

If I enable him, in "Issuer" I need put a different hostname in each server or I need put the same info in all servers? (because I have various servers). I attached an image.

Thank you very much. Have a nice day!

 

[andrew.n]

The Issuer setting determines the name that appears in the authentication app when a user accesses the security code. If you do not enter a name for the Issuer setting, it defaults to the hostname.

 

[MindServer]

The Issuer setting determines the name that appears in the authentication app when a user accesses the security code. If you do not enter a name for the Issuer setting, it defaults to the hostname.

-If I wirte "Issuer = My Bussiness Name" in all servers when configure "Two-Factor Authentication" will work correctly?.

-Other thing: if client enable Two-Factor Authentication in her cPanel account, the admins will can access since WHMCS buttons?.

Thank you very much.

 

[andrew.n]

I would write something unique in the Issuer field because you will be confused to which server the code belongs. If you enable 2FA I think yes, your clients from WHMCS can still access the accounts but I'm not 100% sure in that...maybe @cPanelLauren can confirm this?

 

[MindServer]

I would write something unique in the Issuer field because you will be confused to which server the code belongs. If you enable 2FA I think yes, your clients from WHMCS can still access the accounts but I'm not 100% sure in that...maybe @cPanelLauren can confirm this?

Thank you friend. I contacted to WHMCS support and they told me need disable Two-factor for cPanel API: CPanel/WHM - WHMCS Documentation

With this should be work correctly, I will do tests.

Have a nice day.

 

[andrew.n]

Awesome!

 

[cPanelLauren]

Hello,

I would agree with @andrew.n the issuer would make the most sense being your server's hostname or something that identifies your server for the authentication app.

As far as 2FA with UAPI or WHMAPI1 you can use it if the provider customized the code to be compatible or if your own code is is written to be so. Instructions on this can be found here: Guide to API Authentication - Two-Factor Authentication - Developer Documentation - cPanel Documentation

 

[sparek-3]

I know I'm digging up an old thread, but this thread seems relevant to my question.

Regarding the Issuer and multiple servers - how does that relate if the account is moved to another server?

For example, say I have two servers named homer and bart. I use these respective names as the Issuer on each server - homer for homer and bart for bart. An account on homer sets up 2FA and all works fine. 2 months later I move this account from homer to bart - will the 2FA work without any incidents? Or because the Issuer is different (it was set up on homer with the homer Issuer and now resides on bart where bart is the Issuer) will this cause issues with 2FA?

Or would I better off setting the Issuer for both servers to simpsons so that when an account on homer sets up 2FA and later gets moved to bart then there's no Issuer issue?

 

[cPRex]

From our docs at Two-Factor Authentication for WHM | cPanel & WHM Documentation

"The Issuer setting determines the name that appears in the authentication app."

It won't have any affect on how the authentication process works, just what shows up to the end-user. If you want to avoid possible confusion, it would be best to make that something generic.