This is an exploratory test of a new feature or improvement, so please feel free to try anything you like and not just the test steps!

Prerequisites

• This test requires admin access and access to terminal to run CLI commands, as part of the testing will lock out a user from accessing the site.
• You will need a resource for testing SMS sending in AWS (if you are an HQ team member testing this, feel free to reach out to the Platform team who may be able to help with access to an AWS sandbox for testing).

Troubleshooting

IMPORTANT: If you locked yourself out, you can disable the whole MFA plugin from the CLI:

php admin/cli/cfg.php --component=tool_mfa --name=enabled --set=0

You can also reset user authentication factors:

1. As admin go to Plugins > Multi-factor authentication > Reset user authentication factors
2. Search by one user with authentication factors
3. Click on button "Reset user factor"
4. Finally, you must redo the user preferences setup for the SMS factor

Setup

1. As admin go to Site administration > Plugins > Admin tools > Multi-factor authentication
2. Enable the "MFA plugin enabled" setting and save changes.

SMS Sandbox setup

1. Access to https://signin.aws.amazon.com with your credentials.
2. From your AWS Console go to Amazon SNS / Mobile / Text messaging(SMS) and enable it.
3. Include some "Sandbox destination phone numbers"
4. From Security credentials: create a new Access keys for this and save the "Key", "Secret" and Region for the configuration in Moodle. 

More information about SMS sandbox can be found 

• https://aws.amazon.com/blogs/compute/introducing-the-sms-sandbox-for-amazon-sns/
• https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox-verifying-phone-numbers.html
• https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html

Test third party libraries

1. As admin, go to Site administration > Development > Third party libraries
2. Verify that the library "AWS SDK for PHP" exist. 
3. Verify that the library "JMESPath" exist. 

Test Mobile phone SMS Authentication:

1. As admin navigate to Site administration > plugins > admin tools > Multi-factor authentication.
2. Enable the "MFA plugin enabled" checkbox and save.
3. Find "SMS mobile phone" in the list of factors and enable the factor.
4. Navigate to the settings for "SMS mobile phone" and make sure the secret validity is not 0.
5. Navigate to Site administrator > plugins > SMS > Manage SMS gateways
6. Click Create a new SMS gateway button.
7. Fill all the fields using the AWS credentials created previously (access key and secret), we are not using user keychain for this, those settings can be ignored.
8. Save changes.
9. Confirm that you can see the newly created SMS Gateway.
10. Navigate back to Site administration > plugins > admin tools > SMS
11. Set "SMS gateway" to your newly created gateway.
12. Access your user preferences / "Multi-factor authentication preferences".
13. Set up the "Mobile phone SMS" factor with a test phone number.
14. Confirm you have received an SMS to your phone number.
15. Enter the code you received and continue. 
16. Log out from your account.
17. Confirm you can log in and can access your Moodle account.