PHPackages                             internetgalerie/ig-mfa-frontend - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. internetgalerie/ig-mfa-frontend

ActiveTypo3-cms-extension[Authentication &amp; Authorization](/categories/authentication)

internetgalerie/ig-mfa-frontend
===============================

MFA for Frontend

v0.9.3(3mo ago)13781[1 issues](https://github.com/internetgalerie/ig-mfa-frontend/issues)GPL-2.0-or-laterPHP

Since Jan 10Pushed 3mo ago1 watchersCompare

[ Source](https://github.com/internetgalerie/ig-mfa-frontend)[ Packagist](https://packagist.org/packages/internetgalerie/ig-mfa-frontend)[ RSS](/packages/internetgalerie-ig-mfa-frontend/feed)WikiDiscussions main Synced 1mo ago

READMEChangelogDependencies (1)Versions (4)Used By (0)

TYPO3 Extension 'ig\_mfa\_frontend'
===================================

[](#typo3-extension-ig_mfa_frontend)

The extension enables Multi Factor Authentication (MFA) for frontend user.

1. What does it do?
-------------------

[](#1-what-does-it-do)

The extension extends the login mechanism with MFA. MFA is done in a separate step with its own template. There is also a controller with which frontend users can set up MFA. All installed MFA providers are supported by default; this can be restricted using TypoScript.

2. Usage
--------

[](#2-usage)

### 1) Installation

[](#1-installation)

The recommended way to install the extension is by using [Composer](https://getcomposer.org/). In your Composer based TYPO3 project root, just do `composer require internetgalerie/ig-mfa-frontend`.

### 2) TypoScript

[](#2-typoscript)

propertyDescriptionDefaultrecommendedMfaProviderRecommended Provider (marked)totpallowedProvidersAllowed Provider (leave empty for all)cssFileBasePath to the Css Base file from TYPO3 backendEXT:ig\_mfa\_frontend/Resources/Public/Css/base.csscssFilePath to the Css file usedEXT:ig\_mfa\_frontend/Resources/Public/Css/configuration.cssjsFilePath to the Js file usedEXT:ig\_mfa\_frontend/Resources/Public/JavaScript/ig-mfa-frontend.js- base.css includes styles from TYPO3 backend, including Bootstrap, making it bulky and ugly for the frontend. TODO: Clean up and optimize, possibly add and call provider frontend setup if available (to get better html)

### 3) Providers

[](#3-providers)

tested providers:

Provider IDDescriptionExtensionExampletotpTime-based One-time Password (TOTP)CoreGoogle Authenticatorrecovery-codesOne-Time-Password (OTP)CoreTransaction Authentication Number (TAN)webauthn-platformBuilt-in Authenticators (FIDO2)bnf/mfa-webauthnIncorporated fingerprint scannerwebauthnSecurity Keys (needs https)bnf/mfa-webauthnhardware devices containing cryptographic keysyubikeyYubiKey OTP MFA authenticationderhansen/mfa\_yubikeyYubiKey### 4) Extension Setup

[](#4-extension-setup)

SetupDescriptionrequireMfais MFA required for login (users without MFA cannot log in)requireMfaForFrontendUsergroupif requireMfa is active, MFA is only mandatory for this frontend usergroup3. Core Changes
---------------

[](#3-core-changes)

Changes to show and delete MFA Providers for frontend users in Backend (not required for frontend functionality)

### TCA

[](#tca)

#### MfaInfoElement.php

[](#mfainfoelementphp)

File: vendor/typo3/cms-backend/Classes/Form/Element/MfaInfoElement.php at line 69 add

```
        $targetUser->checkPid = false;
```

looks like:

```
        // Initialize a user based on the current table name
        $targetUser = $tableName === 'be_users'
            ? GeneralUtility::makeInstance(BackendUserAuthentication::class)
            : GeneralUtility::makeInstance(FrontendUserAuthentication::class);

        $userId = (int)($this->data['databaseRow'][$targetUser->userid_column] ?? 0);
        $targetUser->enablecolumns = ['deleted' => true];
        // CHANGES BEGIN
        $targetUser->checkPid = false;
        // CHANGES END
        $targetUser->setBeUserByUid($userId);
```

#### MfaAjaxController.php

[](#mfaajaxcontrollerphp)

File vendor/typo3/cms-backend/Classes/Controller/MfaAjaxController.php at line 152

```
        $user->checkPid = false;
```

looks like:

```
        $user->enablecolumns = ['deleted' => true];
        // CHANGES BEGIN
        $user->checkPid = false;
        // CHANGES END
        $user->setBeUserByUid($userId);
```

### Middleware

[](#middleware)

#### FrontendUserAuthenticator.php

[](#frontenduserauthenticatorphp)

Currently, we are overriding the FrontendUserAuthenticator middleware in this extension. We have added the handling of the MfaRequiredException exception and subsequently dispatching an event. So no changes are required.

4. Screenshots
--------------

[](#4-screenshots)

### MFA Setup

[](#mfa-setup)

#### Overview of Available MFA Providers

[](#overview-of-available-mfa-providers)

[![Setup for MFA overview for logged in users](Documentation/Images/mfa-user-setup-overview.png "Setup for MFA overview for logged in users")](Documentation/Images/mfa-user-setup-overview.png)

The Setup plugin starts with an overview of the available MFA providers for logged-in users. Users can select and activate their preferred methods.

#### Example: Setting up Time-based One-Time Password

[](#example-setting-up-time-based-one-time-password)

This image demonstrates the setup process for a Time-based One-Time Password MFA method. Users can follow these steps to configure their MFA device.

[![Setup for MFA provider for logged in users](Documentation/Images/mfa-user-setup-provider.png "Setup for MFA provider for logged in users")](Documentation/Images/mfa-user-setup-provider.png)

### Login Process

[](#login-process)

#### Step 1: felogin Login Form

[](#step-1-felogin-login-form)

Users start by filling out the login form provided by felogin extension.

[![felogin Login Form](Documentation/Images/mfa-login-step-1.png "felogin Login Form")](Documentation/Images/mfa-login-step-1.png)

#### Step 2: MFA Login Form

[](#step-2-mfa-login-form)

After successful authentication with the username and password, users are prompted with the MFA (Multi-Factor Authentication) login form.

[![MFA Login Form](Documentation/Images/mfa-login-step-2.png "MFA Login Form")](Documentation/Images/mfa-login-step-2.png)

default template is `EXT:ig_mfa_frontend/Resources/Private/Extensions/felogin/Templates/Login/Mfa.html`

###  Health Score

32

—

LowBetter than 72% of packages

Maintenance62

Regular maintenance activity

Popularity15

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity34

Early-stage or recently created project

 Bus Factor1

Top contributor holds 92.3% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~381 days

Total

3

Last Release

91d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/ff3c6e52fdf4553df34feb39f01736524a72891956e632acfc81884a8ad4bbb4?d=identicon)[internetgalerie](/maintainers/internetgalerie)

---

Top Contributors

[![abplana](https://avatars.githubusercontent.com/u/94911483?v=4)](https://github.com/abplana "abplana (12 commits)")[![internetgalerie](https://avatars.githubusercontent.com/u/12337059?v=4)](https://github.com/internetgalerie "internetgalerie (1 commits)")

### Embed Badge

![Health badge](/badges/internetgalerie-ig-mfa-frontend/health.svg)

```
[![Health](https://phpackages.com/badges/internetgalerie-ig-mfa-frontend/health.svg)](https://phpackages.com/packages/internetgalerie-ig-mfa-frontend)
```

###  Alternatives

[in2code/femanager

Modern TYPO3 Frontend User Registration.

49745.4k6](/packages/in2code-femanager)[typo3/cms-felogin

TYPO3 CMS Frontend Login - A template-based plugin to log in website users in the TYPO3 frontend.

116.7M99](/packages/typo3-cms-felogin)[causal/ig_ldap_sso_auth

This extension provides LDAP support for TYPO3 by delegating the authentication of frontend and/or backend users to the centrally-managed directory of your organization. It fully supports OpenLDAP and Active Directory and is capable of connecting securely to the authentication server using either TLS or SSL (ldaps://). In case of use in an intranet environment, this extension is a perfect match since it natively brings Single Sign-On (SSO) capability to TYPO3 without any complex configuration.

33377.4k](/packages/causal-ig-ldap-sso-auth)[friendsoftypo3/openid

OpenID authentication for TYPO3 CMS

1396.0k](/packages/friendsoftypo3-openid)[b13/permission-sets

Allows for deployable and re-usable permission sets for backend users

2964.0k3](/packages/b13-permission-sets)[mfc/oauth2

Generic OAuth2 authentication and authorization for TYPO3 CMS

11290.6k2](/packages/mfc-oauth2)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)