Feature Overview
Yotpo provides multiple authentication methods to help secure and manage access to your account. These include multi-factor authentication (MFA), which adds an extra layer of security during login, and controls over how users access Yotpo from Shopify.
MFA helps protect your account by requiring additional verification beyond a password, reducing the risk of unauthorized access. At the same time, Shopify access settings allow you to control whether users can access Yotpo directly from Shopify or are required to log in with individual accounts.
In this article, you will learn how to manage authentication and access to your Yotpo account.
Getting Started
To manage authentication settings:
In your Yotpo main menu, click the Profile icon in the top right corner.
Go to Account Settings.
Open the Security section.
From here, you can:
Enable or disable multi-factor authentication (MFA)
Control how users access Yotpo from Shopify
Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) adds an extra layer of security by requiring users to verify their identity during login.
Setting Up
Note
The setup process can be done only by the account admin.
To enable MFA for all users:
In your Yotpo main menu, click the Profile icon in the top right corner.
Go to Account Settings.
Open the Security section.
Turn on the Enable MFA toggle.
Once enabled:
MFA is enforced for all users in the organization
New users automatically inherit this setting
If you’re using Single Sign-On (SSO), MFA setup is not required.
Authentication methods
Yotpo supports the following authentication methods:
Authentication apps: Users provide a one-time password using apps like Google Authenticator.
WebAuthn (device biometrics): Users authenticate using device biometrics such as fingerprint recognition.
Resetting Multi-Factor Authentication (MFA)
Admins can reset a user’s MFA setup if needed.
To reset MFA for a user:
Go to Account Settings > Teammates.
Locate the relevant user.
Click the three dots icon (⋮).
Select Reset MFA.
The user will be required to set up MFA again on their next login.
Unlocking a user
To re-enable access for a locked user, see Adding Teammates.
Troubleshooting MFA
If you’re not receiving your MFA verification code:
Verify the correct email address: Make sure you are checking the inbox associated with your user account.
Check spam or junk folders as the email may be filtered incorrectly.
Whitelist Yotpo emails: Add no-reply@yotpo.com to your safe senders list.
Managing Shopify Access
Yotpo allows you to control how users accessing your account from Shopify are authenticated. This is especially useful for organizations with multiple teammates who require more control over user access.
By default, users accessing Yotpo through Shopify can enter without an additional login step, ensuring a seamless experience.
For organizations that require stricter access control, admins can require users to log in with their individual Yotpo accounts instead of accessing Yotpo directly from Shopify.
Authentication Options
You can choose between the following options:
Enable Shopify access
Team members can access Yotpo through Shopify Admin via shared store access.
Users who log in directly via Yotpo use their assigned roles.
Require login for Shopify users (recommended)
Users are redirected to the Yotpo login page.
Each user must log in with their own Yotpo account.
Access is granted based on their assigned role.
Before You Switch
Before requiring login, make sure:
All team members have active Yotpo user accounts
Each user has the correct role assigned
If users do not have accounts, they will not be able to access Yotpo from Shopify.
Important
This setting is available only for Shopify stores with multiple teammates.
Troubleshooting Shopify Access
A teammate lost access after the setting was enabled
If a teammate can no longer access Yotpo after the setting was switched:
Go to Account Settings > Teammates and confirm the teammate is listed.
If they’re not listed, add them and send an invite.
Ask the teammate to log in at yotpo.com and activate their individual account.