Question
Is it possible to configure multi-factor authentication (MFA) to access Plesk?
Answer
The two-factor authentication (2FA or TFA) scheme in Plesk is facilitated by the Google Authenticator extension.
Note: The 2FA authentication process via the Google Authenticator extension for Plesk does not yet have functions or a designed purpose to enforce the usage of MFA. The process that is available for the Plesk Admin and Reseller accounts requires that the 2FA be added as a voluntary measure with the knowledge of the account holder instead of a measure that has to be enforced via the Admin user of Plesk.
Warning: MFA via the Google Authenticator extension can be enabled only for the main Plesk administrative account and the Reseller accounts in Plesk
It is required to install the Google Authenticator application on your smartphone, after which you should install the Google Authenticator extension in Plesk and enable it.
Note: MFA will be enabled both for both the main Plesk Admin and the main Reseller accounts
To configure the extension, you must go to Plesk > Google Authenticator and scan the QR code with your smartphone:
When you try logging into the panel, you will be prompted for a verification code. Refer to the Google Authenticator application on your phone to obtain the code.
Please note that the multi-factor authentication measure described in this article is intended only for access to the Plesk graphical user interface and it does not apply to the Plesk API or Plesk Mobile App.
Since the mobile application uses XML-RPC API requests to communicate with the Plesk server, you can enhance security for Plesk access by disabling the XML API entirely or limiting it to specific IP addresses by using the information in the following article:
How to restrict Plesk XML API?