How to Manage Multi-Factor Authentication (MFA) for Users

Multi-factor authentication (MFA) — also called two-factor authentication (2FA) — adds an extra layer of security to your ShipHero account by requiring a verification code at login. You can enable, disable, and manage MFA for individual users or in bulk from the Users page.

MFA Requirements and Behavior

  • MFA is adaptive: You'll only be prompted for a code when your login appears suspicious — such as signing in from a new device or an unusual location.
  • Only users with an Admin role or Edit Users permission can enable or disable MFA for themselves and others.
  • ShipHero does not support MFA via email. Use an authenticator app such as Google Authenticator, Microsoft Authenticator, or the native Passwords app on iPhone.
  • MFA is required for sensitive actions like issuing a refund and will be triggered on the first refund of each day.
  • API usage: Enabling MFA for a standard user account will prevent its API tokens from working. Either disable MFA for that user or switch to a third-party developer account for API access.

How to Enable or Disable MFA

MFA is managed at the individual user level. You can update it one user at a time or for multiple users at once.

If you disable then re-enable MFA for a user, they will need to register their device again.

Managing MFA for an Individual User

  1. Go to the Users Page and click a user's name to open their settings.
  2. Toggle the Multi-Factor Authentication setting On to enable or Off to disable.
  3. Click Save.

[Image: User settings page showing the Multi-Factor Authentication toggle]

Managing MFA for Multiple Users

  1. Go to the Users Page and check the users you want to update.
  2. Click the Enable MFA button.
  3. When prompted, confirm by clicking Enable.

[Image: Users page with checkboxes selected and the Enable MFA bulk action button]

Registering a Device for MFA

Once MFA is enabled, users will be prompted to register a device on their next login. This registered device acts as the second verification source — it does not need to be the same device you use to log into ShipHero.

  1. Log into ShipHero with your username and password.
  2. Scan the QR code with the device you want to use for MFA.
  3. Enter the code from your authenticator app and click Continue.

After authenticating for the first time, ShipHero displays a recovery code. Save this code somewhere secure — you'll need it if you ever lose access to your authentication device. Check the "I have safely recorded this code" box to complete login.

[Images: Scan QR Code; Enter MFA Code]

Staying Signed In: Remember This Device

When signing in on web or mobile, select Remember this device for 30 days to stay signed in on that device for the next 30 days. ShipHero will not prompt you to log in again on that device during that period. This option is available on both the web and mobile sign-in screens.
