How to enforce email-2FA for your users
Before we explain this, it's important to know that, when you enable email-2FA, it will apply only on the selected (listed) user roles. If you don't select (list) any of the user roles, 2FA will not work.
How to enforce email-2FA for your users
If you go to the Shield main navigation menu > Security Zones and click gear icon next to User zone to edit settings for this entire Zone, a configuration sidebar window will open up for you. Then, select 2FA: Email tab > Enforce-Email Authentication option, you'll see the list of the user roles, such as contributor, author, administrator, subscriber, shop_manager, etc. (see the screenshot below)
Here, you can provide custom roles for email-2FA enforcement.
Let's say you want to enforce email-2FA for Administrators and Subscribers.
You'll just need to set-up email-based 2FA and make sure that those roles are listed (selected).
Note: If a user has multiple roles assigned to it, all roles will be checked against this list.
Next time Administrators and Subscribers try to login, they'll be enforced to email-based authentication as shown in the screenshot below.
