Resetting two-step authentication

If you have verified ownership of your domain in Settings > Users > Security, then you can reset two-step authentication for users in your organization that have been locked out of their accounts. This lets your organization resolve user lockouts directly, without contacting Shopify Support. Two-step authentication can be reset only for users that have an email address that is associated with your verified domain.

For example, your organization has verified the domain example.com. Two of the users in your organization, Jonathan and Leslie, are locked out of their accounts. Leslie uses the email address leslie@example.com. Because this is an email address that uses the domain that you have verified, you can reset Leslie's two-step authentication. Jonathan uses the email address jonathan@gmail.com. This is an email address that uses a public domain that can't be verified by your organization, so you can't reset Jonathan's two-step authentication. To regain access, Jonathan needs to enter a recovery code. If Jonathan no longer has recovery codes, then Jonathan needs to use the account recovery flow.

Only eligible users can access security settings. If no eligible user in your organization can access security settings, then the locked-out user needs to use the account recovery flow.

Before you reset two-step authentication

Before you can reset two-step authentication, you must complete the steps to verify ownership of your domain. The verified domain must match the locked-out user's email domain. If you have subdomains, then you must verify each one individually.

Reset two-step authentication for a user

If a user in your organization is locked out of their account, then you can reset their two-step authentication from their user profile in the Shopify admin.

Steps:

  1. From your Shopify admin, go to Settings > Users.

  2. Click the user that you want to reset two-step authentication for.

  3. In the Two-step authentication section, click Reset authentication.

  4. Confirm your login information.

  5. Click Reset.

After you have reset the user's two-step authentication, your user is prompted to set up a secure sign-in method if it is required by your organization.