Try our conversational search powered by Generative AI!

MFA for login to the CMS backend


Hi all!

I'm trying to figure out how to enable MFA/2FA to the CMS Admin Login (/episerver/cms), but no success so far. Could some one provide directions on how this can be achieved?

Thank you very much!

Jan 19, 2022 12:00

This is optimially achieved by moving away from the .Net membership provider and integrating with a cloud based indentity management service such as Azure Active Directory.

If you're interested in exploring AAD, here's a blog post on integrating it with Optimizely to get you started: Using Azure AD to Secure an Episerver Website | David Boland Blog

Jan 19, 2022 16:50

Unfortunately, it is not an option to use Azure AD.

I was looking into Joshua Folkerts article for '2 Factor Authentication in EPiServer'

Is there a way to customize/replace the CMS Admin Login in order to include the 2FA registration and validation steps before redirecting the user to the CMS Admin Home page?

Jan 20, 2022 8:58

Using ASP.NET Identity:

Create a Custom Login Page. Redirect users in admininstrative roles to the admin area in your code. You have full control to customise as you require

In the StartUp, Set the LoginPath to the url of your new Login Page

            app.UseCookieAuthentication(new CookieAuthenticationOptions
                AuthenticationType = "ApplicationCookie",
                LoginPath = new PathString("/user")
Edited, Jan 20, 2022 10:50
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.