Articles in this section

How to Manage Multi-Factor Authentication (MFA) for Users

Updated

Multi-factor authentication (MFA) — also called two-factor authentication (2FA) — adds an extra layer of security to your ShipHero account by requiring a temporary code at login. This guide covers how to enable, disable, and manage MFA for your users.

Important Notes

  • MFA is adaptive: You'll only be prompted for a code when your login appears suspicious — such as signing in from a new device or an unusual location.
  • Only users with an Admin role or Edit Users permission can enable or disable MFA for themselves and others.
  • ShipHero does not support MFA via email. You must use an authenticator app such as Google Authenticator, Microsoft Authenticator, or the native Passwords app on iPhone.
  • MFA is required for sensitive actions like issuing a refund and will be triggered on the first refund of each day.
  • API Usage: Enabling MFA for a standard user account will prevent its API tokens from working. To avoid this, either disable MFA for that user or switch to a third-party developer account for API access.

How to Enable/Disable MFA

MFA is managed at the individual user level. You can update it one user at a time or for multiple users at once.

If you disable then re-enable MFA for a user, they will need to register their device again.

Managing MFA for an Individual User

  1. Go to the Users Page and click a user's name to open their settings.
  2. Toggle the Multi-Factor Authentication setting On to enable or Off to disable.
  3. Click Save.

Managing MFA for Multiple Users

  1. Go to the Users Page and check the users you want to update.
  2. Click the Enable MFA button.
  3. When prompted, confirm by clicking Enable.

Registering a Device

Once MFA is enabled, users will be prompted to register a device on their next login. This registered device acts as the second verification source — it does not need to be the same device you use to log into ShipHero.

  1. Log into ShipHero with your username and password.
  2. Scan the QR code with the device you want to use for MFA.
  3. Enter the code from your authenticator app and click Continue.

After authenticating for the first time, you'll be shown a recovery code. Save this somewhere secure — you'll need it if you ever lose access to your authentication device. You must check I have safely recorded this code to complete login.

Was this article helpful?
1 out of 4 found this helpful

More Resources

  • ShipHero Public API

    Connect your tools and AI agents directly to ShipHero with the Public API. Build powerful integrations, automate workflows, and tap into real-time data using the AI tools you prefer, with the option for secure, read-only access for AI-driven insights without added risk.

  • ShipHero Academy

    Explore ShipHero Academy for certifications, deep-dive training, and expert-led courses on WMS and fulfillment. Build your expertise and help your team operate at a higher level.

  • Change Log

    Stay up to date with the latest improvements across ShipHero. The Change Log gives you a clear view of new features, enhancements, and fixes as they roll out—so you always know what’s new and what’s better.