The MDVA-31236 Magento patch fixes the issue where Magento admin users with custom resource access cannot set up two-factor authentication (2FA) or log in. This patch is available when the Magento Quality Patch (MQP) tool 1.0.12 is installed.
Affected products and versions
The patch is created for Magento version:
Magento Commerce Cloud 2.4.0.
Compatible with Magento versions:
Magento Commerce and Magento Commerce Cloud 2.4.0-2.4.1.
Note: the patch can be applicable to other versions. To check if the patch is compatible with your Magento version, run ./vendor/bin/magento-patches status.
Issue
Users without administrator privileges cannot currently set up their personal 2FA access. 2FA as implemented in Magento includes two ACL roles. One role affects global system configuration, and it is needed only when configuring the system. The second ACL role affects individual user 2FA accounts. An admin user needs to configure this second type of 2FA ACL.
Apply the patch
For instructions on how to apply an MQP patch, use the following links depending on your Magento product:
- Magento Commerce: DevDocs Apply patches using Magento Quality Patches Tool.
- Magento Commerce Cloud: DevDocs Upgrades and Patches > Apply patches.
Related reading
To learn more about Magento Quality Patches, refer to:
- Magento Quality Patches released: a new tool to self-serve quality patches.
- Check patch for Magento issue with Magento Quality Patches.
For info about other patches available in MQP tool, refer to the Patches available in MQP tool section.