Skip to Content

Multi-Method 2FA for Odoo

by
Odoo

116.06

In-App Purchases
v 19.0 Third Party
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Website (website)
Discuss (mail)
Lines of code 2831
Technical Name edsi_totp_auth
LicenseLGPL-3
Websitehttps://ed-si.fr
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Website (website)
Discuss (mail)
Lines of code 2831
Technical Name edsi_totp_auth
LicenseLGPL-3
Websitehttps://ed-si.fr
Module: edsi_totp_auth Version: 19.0.1.2.0 Publisher: EDSI SAS License: LGPL-3
Security Module · Odoo 19

Multi-Method 2FA for Odoo
TOTP, Mail, SMS, Backup Codes & Passkeys

The most complete Two-Factor Authentication module for Odoo — every method, every user group, every compliance requirement. One purchase, forever yours.

TOTP (Google / Microsoft Authenticator) Email & SMS codes Backup codes WebAuthn / FIDO2 Passkeys Trusted devices
★ One-time purchase — no subscription, yours forever
Up and running in 3 steps

No developer required. Install, configure, done.

1
Install the module
Upload via Apps or Odoo.sh. The module auto-extends auth_totp — no manual wiring needed.
2
Configure your policies
Choose which user groups must enable 2FA, set a grace period, and pick the allowed authentication methods.
3
Monitor adoption
The real-time dashboard shows compliance per group instantly. Send reminders to non-compliant users in one click.
Two features that set us apart

Most 2FA modules do one thing. This one does everything — and puts you in control.

1

Every 2FA method in a single module

Users can authenticate with a TOTP app, a one-time code sent by email or SMS, a set of renewable backup codes, or a hardware-grade passkey (Face ID, Windows Hello, YubiKey). A trusted-device mechanism lets recognised browsers skip the challenge for a configurable period.

TOTP Email OTP SMS OTP Backup codes Passkeys / FIDO2 Trusted devices
2

Group-based policies with real-time dashboard

Define granular policies per user group — mandatory enforcement, grace periods with countdown, or warning-only mode. Track adoption in real time with per-group compliance statistics, activity trends, and a live dashboard that instantly shows your security exposure.

Group policies Adoption stats Real-time dashboard Grace periods Compliance audit
PRICING

One purchase. Yours forever.

No monthly fee, no annual renewal, no hidden costs. Buy once and use the module indefinitely on your Odoo instance.

✓ Single one-time payment ✓ No subscription required ✓ No external service fees ✓ Lifetime use on your instance
Why your Odoo needs 2FA today

Password-only access is the single biggest attack surface in any ERP deployment.

Without 2FA

One compromised password gives full ERP access
No audit trail of suspicious login attempts
Non-compliant with NIS2, ISO 27001 & cyber insurance
Brute-force attacks go undetected and unlimited
No visibility on which users haven't secured their accounts

With Multi-Method 2FA

Even stolen passwords cannot unlock accounts
Full audit log with IP, method, and timestamp
Demonstrable 2FA enforcement for compliance audits
Configurable rate-limiting blocks brute-force attempts
Real-time adoption dashboard — know your exposure instantly
Everything you need — nothing you don't

A complete 2FA engine built natively for Odoo, requiring no external paid service.

TOTP
TOTP Setup Wizard
Step-by-step QR code enrollment compatible with any TOTP app (Google, Microsoft, Authy…). Users are up and running in under 60 seconds.
EMAIL
Email OTP
Send a one-time code directly to the user's registered email address — no authenticator app required.
SMS
SMS OTP
Deliver a time-limited code by SMS. Ideal for users who prefer mobile verification over an app.
RECOVERY
Renewable Backup Codes
8-character emergency codes stored as SHA-256 hashes. Fully renewable at any time. Users never lose access, even without their phone.
UX
Trusted Devices
Skip the challenge on recognised devices for a configurable number of days. Security without daily friction.
PASSKEYS
WebAuthn / Passkeys
Support for Face ID, Windows Hello, YubiKey and FIDO2 security keys. Full sign-count clone detection included.
POLICY
Group Security Policies
Enforce 2FA by user group: mandatory enforcement, configurable grace period with countdown, or warning-only banner.
ANALYTICS
Real-Time Dashboard
Live adoption rate, compliance by user group, activity trends, and a non-compliant user list — all in one view.
COMPLIANCE
Full Audit Log
Every 2FA attempt logged with user, method, IP address, user-agent, and outcome. Ready for security reviews.
SECURITY
Rate Limiting
Configurable brute-force protection: lockout threshold, IP-based blocking, cooldown periods. No external service required.
NOTIFICATIONS
Automated Reminders
Automatic email reminders sent to users who haven't yet enabled 2FA, with grace period countdown.
I18N
6 Languages Included
Full translations included for French, Spanish, German, Italian and Dutch — in addition to English. No extra configuration required.
Compatibility & Requirements

Currently built and tested for Odoo 19. Ports to 17 & 18 are on the roadmap.

Odoo 16
Not planned
Odoo 17
Planned
Roadmap — Q3 2025
Odoo 18
Planned
Roadmap — Q3 2025
Odoo 19
✓ Supported
Current version
Odoo module dependencies
auth_totp mail sms web base_setup
Installation & Setup

Self-hosted or Odoo.sh — no command line, no extra server configuration.

Installation

  1. Download the module ZIP from the Odoo App Store
  2. Upload via Settings → Apps → Upload Module, or drop it in your addons folder (Odoo.sh: push to your repo)
  3. Click Install in the Apps list — dependencies are pulled automatically
  4. A setup wizard guides you through first-run configuration

Post-install configuration

  • Go to Settings → 2FA Security Policies
  • Choose which Odoo groups are targeted (Administrators, Sales, Accounting…)
  • Set enforcement level and grace period
  • Enable the authentication methods you want to offer
  • Check the adoption dashboard — users are notified automatically
📱 SMS OTP — provider note: SMS delivery uses Odoo IAP (the native Odoo SMS gateway), which requires IAP credits on your Odoo account. Any IAP-compatible SMS provider (including Twilio via IAP bridge) also works. No additional module or API key is needed beyond your existing Odoo SMS setup.
See it in action

Clean, native Odoo interface — no custom theming required.

① 2FA Setup
Odoo user preferences security tab with 2FA setup button, passkeys and devices

Security tab — enable 2FA, manage passkeys and connected devices.

 TOTP setup wizard with QR code, secret key, backup codes and verification field

TOTP wizard — QR code, manual secret key, backup codes and verification in one page.
② Login Flow
Odoo login page first step

Standard login — username and password entry.

 2FA challenge screen where user enters the authentication code

2FA challenge — code entry after password authentication.

Access Dashboard, Statistics & 2FA Policies from the Settings menu:

Where to find the 2FA dashboard, statistics and security policies in Odoo Settings
③ Dashboard & Statistics
Real-time 2FA adoption dashboard showing compliance rate by user group

Real-time dashboard — adoption rate and compliance by user group.

2FA adoption statistics with activity trends and non-compliant user list

Detailed statistics — activity trends and non-compliant user list.

④ Security Policies
Security policies list showing all configured group policies

Security policies list — overview of all configured group policies.

Security policy form showing enforcement type, grace period and target user groups

Policy editor — target group, enforcement level and grace period.

Who is this for?

Any company running Odoo that takes account security seriously.

SMBs & Enterprises
Enforce 2FA across all staff without IT overhead
Regulated Industries
Finance, healthcare, legal — meet NIS2 & cyber insurance requirements
Odoo Integrators
Deliver a production-ready 2FA solution to every client
E-commerce Operators
Protect back-office accounts handling orders, payments, and customer data
Built for security. Built for compliance.
GDPR & NIS2 Ready Audit logs and enforced 2FA satisfy regulatory access-control requirements No Third-Party Dependency Runs entirely on your Odoo instance — no SaaS subscription, no external API Native Odoo Integration Extends auth_totp — no UI overrides, no conflicts with other modules
6 Languages, Zero Configuration English, French (fr), Spanish (es), German (de), Italian (it), Dutch (nl) — active out of the box Hashed Storage Backup codes stored as SHA-256 hashes — plaintext never persisted Unit Tested Full test suite covering core authentication flows and edge cases
Frequently Asked Questions
Is this a subscription or a one-time purchase?
It is a one-time purchase. You pay once and own the module permanently — no annual renewal, no monthly fee.
Does this replace Odoo's built-in 2FA?
No — it extends it. This module builds on Odoo's native auth_totp foundation, adding email OTP, SMS OTP, renewable backup codes, policy enforcement, audit logging, adoption statistics, rate-limiting, and WebAuthn/passkey support.
Can I make 2FA mandatory only for administrators, not all users?
Yes. Security policies can target any combination of Odoo user groups. You can enforce 2FA for accountants and administrators immediately, while giving other staff a grace period or a simple warning banner.
What happens if a user loses their phone and their backup codes?
Administrators can reset a user's 2FA directly from the back-office user form, generating fresh backup codes or disabling 2FA temporarily to allow re-enrollment.
Does it work with Odoo SaaS / Odoo.sh?
This module is designed for self-hosted and Odoo.sh deployments where custom modules can be installed. Odoo SaaS (odoo.com) does not support third-party module installation.
Changelog

Actively maintained — new features and fixes shipped regularly.

v1.2.0
2026
  • Added Email OTP and SMS OTP authentication methods
  • Added renewable backup codes with admin regeneration
  • Added WebAuthn / FIDO2 passkey support with clone detection
  • Real-time adoption dashboard with per-group compliance view
  • Translations: fr, es, de, it, nl
v1.1.0
2025
  • Group-based security policies with grace periods
  • Trusted device management
  • Brute-force rate limiting and IP blocking
  • Full audit log (user, method, IP, user-agent, outcome)
v1.0.0
2025
  • Initial release — TOTP setup wizard with QR code enrollment
  • Backup codes (SHA-256 hashed storage)
  • Admin reset & re-enrollment flows
Support & Maintenance

Your purchase includes everything below — no separate support contract needed.

📧
Email Support
Reach us at contact@ed-si.fr. We respond to bug reports and installation questions within 2 business days.
🔄
Free Updates
All minor updates and bug fixes for the purchased major version are included at no extra cost — forever.
🛡️
Security Patches
Security-related fixes are published as priority patches and announced to all buyers by email.
🗺️
Roadmap Transparency
Odoo 17 & 18 ports are planned. Buyers of v19 get the corresponding version at a discounted upgrade price.

Secure every Odoo account — starting today.

Add enterprise-grade 2FA to your Odoo deployment in minutes. No external services. No subscription. One purchase, forever yours.

Published by EDSI SAS ed-si.fr contact@ed-si.fr Version 19.0.1.2.0

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author or have a question related to your purchase, please use the support page.