This howto document is to show case how the phpmyadmin is configured for our web portal and how we have secured it with 2fa.

Since there was a need to provide phpmyadmin to external user, we found that by default all mysql users will have access. To secure the access, we decided to enable 2fa on phpmyadmin

1. To enable phpmyadmin, create a database called phpmyadmin on the primary database server.
2. For all the users in mysql, we have to give permission to this database with 'select,insert,update' permissions. To do the same, login in as root user in mysql and given the following commands where username has to be substituted with the mysql usernames. Repeat this for all the users in mysql.

   grant select,insert,update on phpmyadmin.* to username;
   flush privileges;

3. Login in a as mysql user in phpmyadmin, select settings, and choose two factor authentication
4. Select enable two factor authentication (time based) on the settings and save.
5. Scan the qrcode in Google authenticator and then type the verification code in the box given.
6. This enables 2FA for the specific user.
7. Repeat the same steps (3 to 6) for all the users.
8. Verify from different systems and different browsers if the 2FA is working.

To disable 2fa for a specific user, delete the user record from pma__userconfig table in phpmyadmin database.