diff --git a/InvenTree/InvenTree/settings.py b/InvenTree/InvenTree/settings.py
index 2095cab533..f111629bc9 100644
--- a/InvenTree/InvenTree/settings.py
+++ b/InvenTree/InvenTree/settings.py
@@ -284,6 +284,12 @@ INSTALLED_APPS = [
 'allauth', # Base app for SSO
 'allauth.account', # Extend user with accounts
 'allauth.socialaccount', # Use 'social' providers
+
+ 'django_otp', # OTP is needed for MFA - base package
+ 'django_otp.plugins.otp_totp', # Time based OTP
+ 'django_otp.plugins.otp_static', # Backup codes
+
+ 'allauth_2fa', # MFA flow for allauth
 ]
 MIDDLEWARE = CONFIG.get('middleware', [
@@ -294,6 +300,8 @@ MIDDLEWARE = CONFIG.get('middleware', [
 'django.middleware.csrf.CsrfViewMiddleware',
 'corsheaders.middleware.CorsMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django_otp.middleware.OTPMiddleware', # MFA support
+ 'allauth_2fa.middleware.AllauthTwoFactorMiddleware', # Flow control for allauth
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'InvenTree.middleware.AuthRequiredMiddleware'
@@ -689,7 +697,8 @@ ACCOUNT_FORMS = {
 }
 SOCIALACCOUNT_ADAPTER = 'InvenTree.forms.CustomSocialAccountAdapter'
-ACCOUNT_ADAPTER = 'InvenTree.forms.CustomAccountAdapter'
+# ACCOUNT_ADAPTER = 'InvenTree.forms.CustomAccountAdapter' # TODO monkey-patch adapter
+ACCOUNT_ADAPTER = 'allauth_2fa.adapter.OTPAdapter'
 # Markdownx configuration
 # Ref: https://neutronx.github.io/django-markdownx/customization/
diff --git a/InvenTree/InvenTree/urls.py b/InvenTree/InvenTree/urls.py
index 77a0e06a0c..9bc4ac8360 100644
--- a/InvenTree/InvenTree/urls.py
+++ b/InvenTree/InvenTree/urls.py
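Review bot: In the MIDDLEWARE hunk of settings.py, nothing added after `OTPMiddleware` checks `request.user.is_verified()`, so the second factor is requested only where the allauth login flow asks for it. `InvenTree.middleware.AuthRequiredMiddleware` is not visible here; if it accepts any authenticated user, sessions created through other paths (the Django admin login, API credentials) would presumably still be accepted on the password alone. I would state that limit next to the new entries, e.g. `# NOTE: the second factor is prompted only by the allauth login flow; other authentication paths are not covered`, and track enforcement as a follow-up. The MIDDLEWARE list starts and ends outside the hunk.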
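Review bot: In the ACCOUNT_ADAPTER hunk of settings.py, pointing the setting straight at `allauth_2fa.adapter.OTPAdapter` drops every override that `InvenTree.forms.CustomAccountAdapter` carried, and the TODO leaves that regression in place. The adapter's body is not visible here, so it should be confirmed whether signup or e-mail restrictions are among the behaviour lost. Having `CustomAccountAdapter` subclass `OTPAdapter` in `InvenTree.forms` would let the setting stay `ACCOUNT_ADAPTER = 'InvenTree.forms.CustomAccountAdapter'` and keep both behaviours. The commented-out assignment can then be deleted instead of kept as dead code.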
@@ -167,7 +167,8 @@ urlpatterns = [
 url(r'^accounts/email/', CustomEmailView.as_view(), name='account_email'),
 url(r'^accounts/social/connections/', CustomConnectionsView.as_view(), name='socialaccount_connections'),
 url(r"^accounts/password/reset/key/(?P[0-9A-Za-z]+)-(?P.+)/$", CustomPasswordResetFromKeyView.as_view(), name="account_reset_password_from_key"),
- url(r'^accounts/', include('allauth.urls')), # included urlpatterns
+ url(r'^accounts/', include('allauth_2fa.urls')), # MFA support
+ url(r'^accounts/', include('allauth.urls')), # included urlpatterns
 ]
 # Server running in "DEBUG" mode?
diff --git a/requirements.txt b/requirements.txt
index b9f1dfd692..618bb929a1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -7,6 +7,7 @@ coveralls==2.1.2 # Coveralls linking (for Travis)
 cryptography==3.4.8 # Cryptography support
 django-admin-shell==0.1.2 # Python shell for the admin interface
 django-allauth==0.45.0 # SSO for external providers via OpenID
+django-allauth-2fa==0.8 # MFA / 2FA
 django-cleanup==5.1.0 # Manage deletion of old / unused uploaded files
 django-cors-headers==3.2.0 # CORS headers extension for DRF
 django-crispy-forms==1.11.2 # Form helpers