The MDVA-31236 Magento patch fixes the issue where Magento admin users with custom resource access cannot set up two-factor authentication (2FA) or log in. This patch is available when the Quality Patches Tool (QPT) 1.0.12 is installed.
Affected products and versions
The patch is created for Magento version: Magento Commerce Cloud 2.4.0.
Compatible with Magento versions: Magento Commerce and Magento Commerce Cloud 2.4.0-2.4.1.
Note: the patch might become applicable to other versions with new QPT tool releases. To check if the patch is compatible with your Magento version, run ./vendor/bin/magento-patches status .
Issue
Users without administrator privileges cannot currently set up their personal 2FA access. 2FA as implemented in Magento includes two ACL roles. One role affects global system configuration, and it is needed only when configuring the system. The second ACL role affects individual user 2FA accounts. An admin user needs to configure this second type of 2FA ACL.
Apply the patch
For instructions on how to apply an QPT patch, use the following links depending on your Magento product:
- Magento Commerce: DevDocs Apply patches using Quality Patches Tool .
- Magento Commerce Cloud: DevDocs Upgrades and Patches > Apply patches .
Related reading
To learn more about Quality Patches Tool, refer to:
- Quality Patches Tool released: a new tool to self-serve quality patches .
- Check patch for Magento issue with Quality Patches Tool .
For info about other patches available in QPT tool, refer to the Patches available in QPT tool section.