After July 2021, the 2.3.x release line no longer received quality updates or user guide updates. PHP 7.3 reached end of support in December 2021, and Adobe Commerce 2.3.x reached end of support in September 2022. We strongly recommend upgrading to Adobe Commerce 2.4.x to help maintain PCI compliance.
Admin
This site contains archived merchant documentation for a version of Adobe Commerce and Magento Open Source that has reached end-of-support.
The documentation available here is intended for historical reference only and is not maintained.
The Adobe Commerce Merchant Documentation for current releases is published on the Adobe Experience League.
Stores > Settings > Configuration > Advanced > Admin
Admin User Emails
| Field | Scope | Description |
|---|---|---|
| Forgot Password Email Template | Global | Identifies the email template that is used for the message that is sent when an Admin user(s) forget their passwords. Default template: Forgot Admin Password |
| Forgot and Reset Email Sender | Global | Identifies the store contact that appears as the sender of the Forgot Password email. Default sender: General Contact |
| User Notification Template | Global | Determines the email template that is used as the default for admin notifications. |
Startup Page
| Field | Scope | Description |
|---|---|---|
| Startup Page | Global | Determines the Admin landing page that appears after you log in. |
Admin Base URL
| Field | Scope | Description |
|---|---|---|
| Use Custom Admin URL | Global | Determines if a custom URL is used to access the Magento Admin. Options: Yes / No |
| Custom Admin URL | Global | Specifies a custom URL to access the Magento Admin. By default, the Admin URL is the same as the base URL. Important: The Admin URL must be in the same Magento installation, and have the same document root as the storefront. |
| Use Custom Admin Path | Global | Determines if a custom path is used to access the Magento Admin. The default path is admin. Options: Yes / No |
| Custom Admin Path | Global | Changes the name of the default Admin path to something hard to guess. Enter the custom path name in lowercase characters. For example: aardvark |
Security
| Field | Scope | Description |
|---|---|---|
| Admin Account Sharing | Global | Determines if an Admin user(s) can be logged in to the same account simultaneously from different devices. Options: Yes - Allows multiple active sessions from the same Admin account. No - Allows only one active session per Admin account. |
| Password Reset Protection Type | Global | Determines the method that is used to manage password reset requests. Options: By IP and Email - The password can be reset online after a response is received from the notification is sent to the email address associated with the Admin account. By IP - The password can be reset online without additional confirmation. By Email - The password can be reset only by responding by email to the notification that is sent to the email address associated with the Admin account. None - The password can be reset only by the store administrator. |
| Recovery Link Expiration Period (hours) | Global | Determines the number of hours a password recovery link remains valid. |
| Max Number of Password Reset Requests | Global | Determines the maximum number of password requests that can be submitted per hour. |
| Min Time Between Password Reset Requests | Global | Determines the minimum number of minutes between password reset requests. |
| Add Secret Key to URLs | Global | When enabled, appends a secret key to the Admin URL as a precaution against exploits. Options: Yes / No |
| Login Is Case Sensitive | Global | Determines if login credentials entered by a user must match the case of the ones stored. Options: Yes / No |
| Admin Session Lifetime (seconds) | Global | Determines the length of an Admin session in seconds. |
| Maximum Login Failures to Lockout Account | Global | Determines the number of times Admin users can try to log in before their accounts are locked. If the field is empty, no minimum is set. Default value: 6 |
| Lockout Time (minutes) | Global | Determines the number of minutes an Admin account is locked before the user can try to log in again. Default value: 30 |
| Password Lifetime (days) | Global | Determines the number of days before an Admin password expires. If the field is empty, no lifetime is set. Default value: 90 |
| Password Change | Global | Determines if Admin users are required to change their passwords. Options: Forced - Requires that Admin users change their passwords after the account is set up. Recommended - Recommends that Admin users change their passwords after the account is set up. |
Dashboard
| Field | Scope | Description |
|---|---|---|
| Enable Charts | Global | Determines if the dashboard includes a chart generated from current sales data. Options: Yes / No |
CAPTCHA
| Field | Scope | Description |
|---|---|---|
| Enable CAPTCHA in Admin | Website | Enables CAPTCHA for the Admin login. Options: Yes / No |
| Font | Website | Determines the font that is used to display the CAPTCHA. To add your own font, put the font file in the same directory as your Magento instance, and add the declaration to the config.xml file at app/code/Magento/Captcha/etc Default font: LinLibertine |
| Forms | Website | Determines the form(s) where CAPTCHA is used. Options: Admin Login / Admin Forgot Password |
| Displaying Mode | Website | Determines when the CAPTCHA appears. Options: Always - CAPTCHA is always required to log in. After number of attempts to login - Displays the Number of Unsuccessful Attempts to Login field. Enter the number of login attempts allowed. A value of 0 (zero) is similar to setting Displaying Mode to Always. This option does not cover the Forgot Password and Create User forms. If CAPTCHA is enabled and set to appear, it is always included on the form. Note: To track the number of unsuccessful login attempts, each attempt to log in under one email address and from one IP-address is counted. The maximum number of login attempts allowed from the same IP-address is 1,000. This limitation applies only when CAPTCHA is enabled. |
| Number of Unsuccessful Attempts to Login | Global | Determines the number of times a person can try to login before the account is locked. To track the number of unsuccessful attempts to log in, the system tracks the login attempts from one email address from a single IP-address. The maximum number of attempts allowed from the same IP address is 1,000. This limitation applies only if CAPTCHA is enabled. |
| CAPTCHA Timeout (minutes) | Website | Determines the lifetime of the current CAPTCHA. When the CAPTCHA expires, the user must reload the page. |
| Number of Symbols | Website | Determines the number of symbols that are used in the CAPTCHA. The maximum allowed value is 8. You can also specify a range, for example, 5-8. |
| Symbols Used in CAPTCHA | Website | Determines which symbols are used in the CAPTCHA. Only letters (a-z and A-Z) and numbers (0-9) are allowed. The default set of symbols suggested in the field excludes similar-looking symbols like i, l, or 1. Displaying these symbols in CAPTCHA decreases the chances that a user will recognize CAPTCHA correctly. |
| Case Sensitive | Website | Determines if the characters used in the CAPTCHA are case sensitive. Options: Yes / No |
Admin Actions Logging
| Field | Scope | Description |
|---|---|---|
| Enable Actions | Global | Enables action logging for each of the selected actions: Admin My Account Admin Permission Roles Admin Permission Users Admin Sign In CMS Blocks CMS Hierarchy CMS Pages Cache Management Catalog Attributes Catalog Categories Catalog Events Catalog Price Rules Catalog Product Tax Classes Catalog Product Templates Catalog Products Catalog Ratings Catalog Reviews Catalog Search Checkout Terms and Conditions Custom Variables Customer Groups Customer Invitations Customer Tax Classes Customers Gift Card Accounts Gift Registry Entity Gift Registry Type Index Management Manage Currency Rates Manage Customer Address Attributes Manage Customer Attributes Manage Design Manage Dynamic Blocks Manage Segments Manage Store Views Manage Stores Manage Websites Newsletter Queue Newsletter Subscribers Newsletter Templates PayPal Settlement Reports Reports Reward Points Rates Rule-Based Product Relations Sales Archive Sales Credit Memos Sales Invoices Sales Order Status Sales Orders Sales Shipments Shopping Cart Management Store Credit System Backups System Configuration Tax Rates Tax Rules Transactional Emails URL Rewrites Widget XML Sitemap |
Admin Usage
Admin Usage
| Field | Scope | Description |
|---|---|---|
| Enable Admin Usage Tracking | Global | When set to Yes, Magento anonymously tracks how administrators interact with the Admin to help improve the user experience. Starting with Magento Commerce 2.3.7, this also enables interactive In-Product Guidance, that provides help and tips on using the product from within the Admin UI. Content such as new feature announcements, walk-through guides, onboarding information, tool tips, and more will be available through this feature. |