How to enforce email-2FA for your users
Before we explain this, it's important to know that, when you enable email-2FA, it will apply only on the selected (listed) user roles. If you don't select (list) any of the user roles, 2FA will not work.
How to enforce email-2FA for your users
If you go to the Shield main menu > Config > Login Guard > 2FA By Email > Enforce-Email Authentication, you'll see the list of the user roles, such as contributor, author, administrator, subscriber, shop_manager, etc.
Here, you can provide custom roles for email-2FA enforcement.
Let's say you want to enforce email-2FA for Administrators and Subscribers only.
You'll just need to set-up email-based 2FA and make sure that those roles are listed (selected).
Note: If a user has multiple roles assigned to it, all roles will be checked against this list.
Next time Administrators and Subscribers try to login, they'll be enforced to email-based authentication: