Two-Factor Authentication (2FA) works by adding an additional layer of security to your online accounts. It requires an additional login credential - something you have - to gain account access, in addition to your password (something you know).
This feature is only available in Server Mode.
pgAdmin 4 supports two types of 2FA:
- Email Authentication
- Authenticator App (e.g. Google Authenticator)
Configure Two Factor Authentication
Configuring Two-factor Authentication for pgAdmin 4 requires editing config_local.py or config_system.py on the system where pgAdmin is installed in Server mode.
Read more at https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html
You can copy the settings from the config.py file and modify the values for the following parameters:
Note: You can also force users to configure the two-factor authentication methods on login by setting the MFA_FORCE_REGISTRATION parameter to True.
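A static check of the override file for the settings discussed here, including the mail server settings that the email method depends on. This is an added example, not part of the pgAdmin documentation. The setting names are those used in pgAdmin's config.py; the policy of requiring each value to be pinned explicitly in the override file, the sample file contents and the function names are assumptions of this example.

```python
import ast

# Assumption of this example: every setting below must be pinned in the override file.
KNOWN_METHODS = {"email", "authenticator"}

def load_settings(source):
    """Read top-level NAME = <literal> assignments without executing the file."""
    settings = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # computed value (e.g. an environment lookup): not auditable statically
    return settings

def audit_mfa(settings):
    """Return findings; an empty list means the file pins a usable 2FA setup."""
    findings = []
    for key in ("SERVER_MODE", "MFA_ENABLED", "MFA_FORCE_REGISTRATION"):
        if settings.get(key) is not True:
            findings.append(f"{key} is not pinned to True")
    methods = settings.get("MFA_SUPPORTED_METHODS")
    if not isinstance(methods, list) or not methods:
        findings.append("MFA_SUPPORTED_METHODS is missing or empty")
        return findings
    for unknown in sorted(set(methods) - KNOWN_METHODS):
        findings.append(f"unknown MFA method: {unknown}")
    if "email" in methods:
        if not settings.get("MAIL_SERVER"):
            findings.append("email method enabled but MAIL_SERVER is not set")
        if not (settings.get("MAIL_USE_TLS") or settings.get("MAIL_USE_SSL")):
            findings.append("email codes are sent over SMTP without TLS/SSL")
    return findings

# Constructed sample override file (not a real deployment).
SAMPLE = '''
SERVER_MODE = True
MFA_ENABLED = True
MFA_FORCE_REGISTRATION = False
MFA_SUPPORTED_METHODS = ["email", "authenticator"]
MAIL_SERVER = "smtp.example.org"
MAIL_USE_TLS = False
MAIL_USE_SSL = False
'''

if __name__ == "__main__":
    print("\n".join(audit_mfa(load_settings(SAMPLE))))
```

With the constructed sample, the check reports that registration is not forced and that email verification codes would be handed to the mail server over unencrypted SMTP.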
Setup Two Factor Authentication from pgAdmin 4 GUI
To set up two-factor authentication for a user from pgAdmin 4, click Two-factor Authentication in the User menu in the top-right corner. It lists all the supported multi-factor authentication methods.
Click the Setup button next to Email Authentication. Please follow the instructions provided:
Note: You must set the Mail server settings in config_local.py or config_system.py in order to use email as a two-factor authentication method. Read more about Mail server settings at https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html
Setup using Authenticator App (e.g. Google Authenticator)
Click the Setup button next to the Authenticator App. Scan the QR code and enter the code from the authenticator app.
You will see the Delete button for the authentication method if it has already been configured. Clicking on the Delete button will deregister the authentication method for the current user.
Verifying the Configuration
Once the setup is complete, verify it by logging out of pgAdmin and logging back in. To authenticate, you can use either the Authenticator app or email authentication. It's not compulsory to set up both methods; you can set up either one.
Conclusion
Add an additional level of security to your pgAdmin accounts with the Two Factor Authentication feature in pgAdmin 4.