How to enforce email-2FA for your users

Before we explain this, it's important to know that, when you enable email-2FA, it will apply only on the selected (listed) user roles. If you don't select (list) any of the user roles, 2FA will not work.

How to enforce email-2FA for your users

If you go to the main Security Zones menu > Login > Zone Actions > click Configure All Related "Login" Options > 2FA: Email > Enforce-Email Authentication, you'll see the list of the user roles, such as contributor, author, administrator, subscriber, shop_manager, etc.

Here, you can provide custom roles for email-2FA enforcement.

Let's say you want to enforce email-2FA for Administrators and Subscribers only.

You'll just need to set-up email-based 2FA and make sure that those roles are listed (selected).

Note: If a user has multiple roles assigned to it, all roles will be checked against this list.

(see the screenshot below)

Next time Administrators and Subscribers try to login, they'll be enforced to email-based authentication: