Configuring Multi-Factor Authentication

Proxmox VE allows you to enable multi-factor authentication (MFA).

After logging in with the user account you want to enable two-factor authentication (2FA) for, follow the steps below. If using QR code authentication, ensure you have your authentication device (such as a smartphone) available during login.

Important Notes

If enabling MFA for the initial account fails, you may lose access to the system. It is recommended to create a new user first and ensure that you can log in before enabling MFA.

How to Set Up MFA

1. Click “Data Center” → “Access Control” → “Two-Factor Authentication”.
2. Click “Add” and select “TOTP”.
   
   
3. Select the user who will use TOTP for login and verify that a QR code is displayed.
4. Add a description to clarify which device and authentication app the QR code is linked to.
5. Open a QR code authentication app like Google Authenticator and scan the QR code.
   Scanning the QR code will add an entry such as “Proxmox VE – pve: username@pve” in the app. A six-digit code will be generated and updated periodically. This code will be required for future logins, so ensure you have access to the registered authentication device.
6. Verify your password: Enter your login password.
7. Verify the code: Enter the six-digit code displayed in the authentication app.
   This code has a time limit, so click “Add” before it expires.
8. The user with 2FA enabled will appear in the list.
   Verify that the username and MFA type are correctly set.
9. Log out and log back in to confirm that MFA is required. Enter the six-digit code from Google Authenticator within the given time to complete the login.
   

Note: Multiple QR codes can be generated for MFA. If you want to install the authentication app on multiple devices, it is recommended to generate a separate QR code for each device.