Posted on / by Vivan Web Solution / in Sylius

Secure Your Sylius Admin Panel: Add Google 2FA with Our Open-Source Plugin

In today’s digital landscape, securing your admin panel is not just an option, it’s a necessity. Sylius, the powerful headless eCommerce framework built on Symfony, offers immense flexibility and scalability. However, out of the box, it lacks native support for two-factor authentication (2FA), a critical layer of security. That’s why we developed an open-source plugin that brings Google 2FA support directly into the Sylius admin panel.

In this blog, we’ll guide you through why 2FA matters, how our plugin works, and how you can integrate it into your Sylius project.

Why Add 2FA to Your Admin Panel?

Admin panels are high-value targets for attackers. A compromised admin account can lead to data breaches, lost orders, and compromised customer data. Implementing 2FA helps by:

  • Preventing unauthorized access, even if passwords are leaked
  • Ensuring only trusted devices and users can log in
  • Adding a strong, user-friendly security layer

With Google Authenticator or similar apps, your team can enjoy quick and secure access without needing third-party services.

Introducing Our Google 2FA Plugin for Sylius

Our plugin is lightweight, fast to install, and designed specifically for Sylius Admin users. It works with Google Authenticator and other TOTP (Time-based One-Time Password) apps.

Key Features:

  • Seamless integration into the Sylius admin login
  • QR code setup for mobile apps
  • Optional enforcement for selected roles
  • Extensible and developer-friendly

GitHub Repo: https://github.com/vivanwebsolution/sylius-2fa-plugin

Installation Steps

1. Install via Composer

composer require vivanwebsolution/sylius-2fa-plugin

2. Enable the Bundle

In config/bundles.php, register the bundle:

return [
    // ...
    Scheb\TwoFactorBundle\SchebTwoFactorBundle::class => ['all' => true],
];

3. Configure the Bundle

Create the config file at config/packages/scheb_2fa.yaml:

scheb_two_factor:
    security_tokens:
        - Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
        - Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken
    google:
        enabled: true
        server_name: 'Sylius Admin'

To clear the Symfony cache, run:

php bin/console cache:clear

4. Extend the AdminUser Entity

Modify your AdminUser entity to implement the 2FA interface:

<?php

declare(strict_types=1);

namespace App\Entity\User;

use Doctrine\ORM\Mapping as ORM;
use Sylius\Component\Core\Model\AdminUser as BaseAdminUser;
use VivanWebSolution\Sylius2FAPlugin\Trait\GoogleTwoFactorTrait;
use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface;

#[ORM\Entity]
#[ORM\Table(name: 'sylius_admin_user')]
class AdminUser extends BaseAdminUser implements TwoFactorInterface
{
    use GoogleTwoFactorTrait;
}

5. Run Database Migrations

Ensure your database is configured, then run:

php bin/console doctrine:schema:update --force

6. Override the Admin User Form Template

Create or override the following template:

templates/bundles/SyliusAdminBundle/admin_user/form/sections.html.twig

Include the 2FA section:

{% include '@VivanWebSolutionSylius2FAPlugin/admin/sections.html.twig' %}

7. Configure Routes

Add the plugin routes to config/routes.yaml:

vivan_sylius_2fa_plugin_admin:
    resource: '@VivanWebSolutionSylius2FAPlugin/config/admin_routing.yaml'
    prefix: /admin

πŸ” How It Works

  1. Login Step 1: The admin logs in with their email and password.
  2. Login Step 2: If 2FA is enabled for the user, a 6-digit code prompt appears.
  3. Setup: During the first login, a QR code is shown to scan with the Google Authenticator app.
  4. Access: Upon successful code verification, the user is granted access.
  5. No internet? No problem. Google Authenticator works offline and generates codes based on time.

Customization Options

You can easily:

  • Modify the 2FA prompt template to match your admin theme
  • Enable 2FA for only specific user roles (e.g., Admin only)
  • Extend with backup codes or trusted device functionality (coming soon!)

Conclusion

Securing your eCommerce backend should be a top priority. With our open-source Google 2FA plugin for Sylius, you can easily enhance admin panel protection without adding complexity.

Ready to get started?

Download the plugin on GitHub: https://github.com/vivanwebsolution/sylius-2fa-plugin

Protect your platform, secure your users, and build trust with a few simple steps.
