Knowledgebase

Can I Use 2-Step Verification On My Shift4Shop Online Store Manager?
 

2-Step or two-factor verification adds an extra level of security to many of the login processes used online. Everything from banking sites, to cloud storage services and even some social media networks have added 2-Step verification to further secure their customer logins. Beginning with version 8.1, you can also add 2-Step verification to the admin logins of your Shift4Shop Online Store Manager.

Additional Information
Shift4Shop's 2-step authentication method is compatible with either Google or Authy two-factor verification services. Before proceeding with the steps outlined below, be sure to have one of the following 2-Step verification elements set up and ready to use:

Google 2-Step Verification
If you prefer to use Google's 2-step Verification, please ensure you have the following:

  • Setup
    With Google, the 2-step authentication service is added to your Google login account.
    You may begin the process by clicking here and clicking the "Get Started" buttons to complete the set up.
  • Google Authenticator App
    Google's 2-Step authentication also requres that you have the authenticator app installed on your mobile phone. The app is available as a free download on both Android and iOS.

Authy Two-Factor Authentication (2FA)
This is an alternative to Google's 2-step authentication method which also provides back up service (in the event of a lost phone) and other benefits. If you prefer to use this for your 2-step authentication, please make sure you have the following set up on your phone.

  • Authy App
    The app is available as a free download on both Android and iOS.

Once you have the above set up and ready, you can proceed with the following steps.

  1. Log into your Shift4Shop Online Store Manager
  2. Using the left hand navigation menu, go to Settings >General >Administrator Access
  3. Locate your admin login user account from the list and click on the account's Action wheel located at the far right of the listing
  4. Select "Authentication Settings" from the action wheel

A pop up window will appear with a QR code which will be scanned with your mobile phone using the Google Authenticator App described above.

  1. Using your mobile phone, open the Google Authenticator app and tap the button for adding a new entry
  2. Select the option to "Scan a barcode" from the app

Note
Each individual admin user who wants to use 2-step verification will need to perform the this process using their own login and respective mobile phones with the Google or Authy Authenticator app. The process relies on authentication being used on one mobile phone per admin user with the authentication app.

If your username has Full Administrator permissions, you will be able to see all of your store's admin users but you will only be able to add 2-step verification to your own login. Furthermore, users who have limited admin access (i.e. Sales Staff or Webmaster permissions), will only be able to see and edit their own respective logins.

  1. Using your phone's camera, scan the QR code

At this point, the Google Authenticator App will generate a six-digit code for you. This code refreshes itself every 30-seconds.

  1. Enter the six-digit code into the field on the Authentication Settings popup for your admin user.
  2. Click on the "Enable 2 factor authentication" button.

The user login now has 2-step verification added.

Logging in with 2-Step Authentication

Once the setup is complete, you will be able to log into your Shift4Shop Online Store Manager as usual. However, after entering your username and password, a new page will appear with a field where you will enter your authenticator app's six-digit code.

Once the six-digit code/token is entered, you will be logged into the Online Store Manager.

Important
Please make sure the device you are using for the app (i.e. the mobile phone or tablet in which you receive the token/code) is set to the correct time and date. If the device's time and date are inaccurate, the authentication process will fail.

Disabling 2-Step Authentication

If you would like to disable the 2-Step Authentication for your user login, follow these steps:

  1. Log into your Shift4Shop Online Store Manager
  2. Using the left hand navigation menu, go to Settings >General >Administrator Access
  3. Locate your admin login user account from the list and click on the account's Action wheel located at the far right of the listing
  4. Select "Authentication Settings" from the action wheel

A pop up window will appear advising you that the account currently has 2 factor authentication enabled.

  1. Click on the "Disable 2 factor authentication" button to remove it from the login.

Note
As mentioned previously, if your username has Full Administrator permissions you will be able to see all of your store's admin users. While you'll only be able to add 2-step verification to your own login, you will be able to disable 2-step verification from any of the other user logins as needed.

This will be useful if you need to reset the login for an admin user who either locked themselves out inadvertently or otherwise lost their ability to use 2-way verification (i.e. lost phone, slow mobile data connection, etc)
Help Desk Software by Kayako fusion