强制所有用户使用两步验证
在 Shopify 组织后台的用户 > 安全性中,您可以要求组织中的所有用户使用两步验证来登录您的商店。
本页相关主题
强制使用两步验证的注意事项
强制执行两步验证
管理错误
禁用强制使用两步验证
强制使用两步验证的注意事项
强制组织中的所有用户使用两步验证需要用户管理 访问权限。
对于某些用户,无法强制他们使用两步验证。您仍然可以将所有用户设置为需要使用两步验证,但这项设置不会强制要求以下用户类型使用两步验证:
以前的员工
仅限使用 POS 应用
合作者
需要使用 SAML 身份验证的用户
登录 Shopify POS 的用户
登录 8.72.0 之前版本的 Shopify 移动应用的用户
在 Shopify 组织后台中强制所有用户使用两步验证后,无法针对单个用户管理两步验证。在之后将两步验证强制设置更改为单个用户管理不会恢复他们的登录要求,但如果您想删除两步验证要求,则可以单独管理用户。
例如,假设您的组织中的一名用户 Phillipa 不需要使用两步验证。然后,您为组织启用了强制使用两步验证。现在,您的所有用户(包括 Phillipa)都需要使用两步验证才能登录。随后,您将强制设置更改为管理特定用户。Phillipa 的用户账户仍被设为需要使用两步验证才能访问您组织中的所有商店。如果您想删除两步验证要求,您可以通过她的用户页面进行此操作。
由于可以通过身份服务提供商要求进行两步验证,因此需要使用 SAML 身份验证的用户不会受到此设置的影响。如果已从这些用户中删除 SAML 要求,并且您需要在组织中使用两步验证,则在进行更改后将要求他们使用两步验证。
例如,假设您为组织启用了强制使用两步验证。您有一名用户 Emmy 需要使用 SAML 身份验证才能登录。后来,您删除了 Emmy 的 SAML 要求。从那时起,系统会自动要求她使用两步验证进行登录。
强制执行两步验证
步骤:
在 Shopify 组织后台中,转到用户 > 安全。
在两步验证部分,点击更改设置。
选择要求所有用户使用。
点击保存。
强制使用两步验证需要一段时间,具体取决于您组织中的用户数。安全页面上会显示一条横幅,表明您的更改正在进行中,您将在此过程完成后收到一封电子邮件。电子邮件中还会注明在强制使用期间是否存在任何错误,并列出尚未完全强制使用的所有用户。
管理错误
当您启用强制使用两步验证时,所有商店中的每个用户账户都将被设为需要使用两步验证。因此,可能出现流程对于某些用户已完成,但对另一些用户没有完成的情况,并且某些用户可能在不同的商店中具有不同的登录要求。
例如,假设您的组织中有三家商店。您启用了强制使用两步验证强制,并且在该过程完成后,您收到了一封电子邮件,其中注明针对您的一名用户 Daveed,您的两步验证更改未完成。在此状态下,您组织中除 Daveed 以外的每个用户都需要使用两步验证才能登录。这意味着,虽然 Daveed 可能需要对您的某些商店使用两步验证验证,但他可以在不进行身份验证的情况下登录其他商店。
如果在启用两步验证后收到错误,请尝试再次启用强制使用。
步骤:
在 Shopify 组织后台中,转到用户 > 安全。
在两步验证部分中,点击重试。
如果您强制某个用户使用两步验证的过程重复失败,请联系 Shopify Plus 客服。
禁用强制使用两步验证
在 Shopify 组织后台中,转到用户 > 安全。
在两步验证部分,点击更改设置。
选择特定的用户。
点击保存。
Shopify商户官网原文详情:
Enforced two-step authentication for all users
From Users > Security in the Shopify organization admin, you can require all users in your organization to use two-step authentication to log in to your stores.
On this page
Considerations for enforcing two-step authentication
Enforce two-step authentication
Manage errors
Disable two-step authentication enforcement
Considerations for enforcing two-step authentication
Enforcing two-step authentication for all users in your organization requires the User management access.
Two-step authentication can't be enforced for certain users. You can still set two-step authentication to be required for all users, but it won't be enforced for the following user types:
legacy staff
POS app only
collaborator
users that are required to use SAML authentication
users logging in to Shopify POS
users logging in to versions of the mobile Shopify app older than version 8.72.0
After you enforce two-step authentication for all users in the Shopify organization admin, two-step authentication can't be managed for individual users. Changing your two-step enforcement setting to individual user management afterwards doesn't revert their login requirements, but does allow users to be managed individually if you want to remove the two-step authentication requirement.
For example, suppose that a user in your organization, Phillipa, is not required to use two-step authentication. You then enable enforced two-step authentication for your organization. All your users, including Phillipa, are now required to use two-step authentication to log in. Later, you change your enforcement setting back to managing specific users. Phillipa's user accounts are still set to require two-step authentication for all stores in your organization. If you want to remove the two-step authentication requirement, you can do so through her user page.
Because two-step authentication can be required through an identity provider, users that are required to use SAML authentication aren't affected by this setting. If the SAML requirement is removed from these users and you require two-step authentication in your organization, then they will be required to use two-step authentication after the change is made.
For example, suppose that you enable enforced two-step authentication for your organization. You have a user, Emmy, who is required to use SAML authentication to log in. Later, you remove Emmy's SAML requirement. She will automatically be required to use two-step authentication to log in from that point on.
Enforce two-step authentication
Steps:
From the Shopify organization admin, go to Users > Security.
In the Two-step authentication section, click Change setting.
Select Required for all users.
Click Save.
Enforcing two-step authentication takes some time, depending on how many users are in your organization. A banner displays on the Security page indicating that your changes are in progress, and you'll receive an email when the process is complete. The email will also note if there were any errors during enforcement, and list all users that aren't fully enforced.
Manage errors
When you enable two-step authentication enforcement, every user account in all your stores is set to require two-step authentication. As a result, it's possible for the process to complete for some users but not for others, and for some users to have different login requirements in different stores.
For example, suppose that in your organization you have three stores. You enable enforced two-step authentication, and after the process is complete, you receive an email stating that your two-step authentication changes didn't complete for one of your users, Daveed. In this state, every user in your organization except Daveed needs to use two-step authentication to log in. This means that while Daveed might need to use two-step authentication for some of your stores, there are other stores where he can log in without authenticating.
If you receive an error after enabling two-step authentication enforcement, then try enabling enforcement again.
Steps:
From the Shopify organization admin, go to Users > Security.
In the Two-step authentication section, click Try again.
If enforcing two-step authentication for one of your users fails repeatedly, then contact Shopify Plus Support.
Disable two-step authentication enforcement
From the Shopify organization admin, go to Users > Security.
In the Two-step authentication section, click Change setting.
Select Specific users.
Click Save.
文章内容来源:Shopify商户官方网站