How to Manage Two-Factor Authentication (2FA) as an Admin/Staff
Enable, disable, enforce, and manage two-factor authentication for your admin or staff account.
Last updated 1 day ago
Two-factor authentication (2FA) adds a second layer of security to your account. On top of your password, you'll need a time-sensitive code to log in or make sensitive changes. By default, 2FA is disabled in Upmind.
How to enable 2FA as an Admin/Staff
Go to My Account > Security.

Scroll down to Two-Factor Authentication and click Enable.

Open your authenticator app (e.g., Google Authenticator) on your mobile device and scan the QR code, or use the provided link.

Enter the generated code in the field and click Enable.
Note: Authenticator apps generate a new code every 30 seconds. Enter it before it expires.
You will receive an email when it is enabled.

Now, whenever you try to log in, 2FA will be required.
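The 30-second rotation noted above, as an added example (not Upmind's code): how an authenticator app and a server derive the same code from the secret in the QR code or link, and why a code stops working once its window passes. It assumes the standard TOTP scheme (RFC 6238) that Google Authenticator uses; the enrolment link is constructed from the RFC's published test secret, and the drift tolerance is an assumption, not a documented Upmind setting.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

STEP = 30    # seconds each code is valid for
DIGITS = 6   # code length

# Constructed enrolment link using the published RFC 6238 test secret.
SAMPLE_URI = ("otpauth://totp/Example:staff@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

def parse_otpauth(uri):
    """Return the shared secret (raw bytes) carried by the QR code or link."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP enrolment URI")
    secret = parse_qs(parsed.query)["secret"][0].upper()
    secret += "=" * (-len(secret) % 8)  # authenticator links often drop padding
    return base64.b32decode(secret)

def totp(secret, unix_time):
    """Code for the 30-second step containing unix_time (HMAC-SHA1, RFC 4226 truncation)."""
    counter = int(unix_time) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret, submitted, unix_time, drift_steps=1):
    """Server-side check; drift_steps (assumed) tolerates clock skew and slow typing."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, unix_time + delta * STEP)
        ok |= hmac.compare_digest(expected, submitted)  # constant-time compare
    return ok

if __name__ == "__main__":
    key = parse_otpauth(SAMPLE_URI)
    code = totp(key, 1111111109)                                # what the app shows
    print(code, verify(key, code, 1111111111, drift_steps=0))   # next window, strict
    print(code, verify(key, code, 1111111111, drift_steps=1))   # one step of drift
```

A code entered two seconds after its window closes fails a strict check and passes only if the server allows a step of drift, which is why a device clock that is out of sync is a common cause of rejected codes.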

How to disable 2FA as an Admin/Staff
Go to My Account > Security and click Disable.

Open your authenticator app and find the current code for your Upmind account.
Enter the code in the provided field on the Security page.

Click Disable on the confirmation pop-up to confirm.
You will receive an email when it is disabled.

Enforcing 2FA for Clients
Admin/Staff can require all clients to set up 2FA when they log in.
Go to Settings > Client Auth Providers under Users and Permissions.

Click the three dots (⋮) next to the relevant auth provider and select Edit.

Toggle on Enforce 2FA on Login.

Once enabled, clients will receive an email prompting them to enter a verification code on their next login.

Impersonating a Client to activate 2FA
Admins/Staff can impersonate a client account to activate 2FA on their behalf.
Select the client and impersonate them.

Go to My Account > Security.
Follow the same steps as in How to enable 2FA as an Admin/Staff above.

Similarly, you can disable 2FA for them as well.
Note: When a staff member impersonates a client to make changes, 2FA verification is not required from the staff side. So, only the client triggers the 2FA check when changing their own credentials.
2FA when changing your password or email
Upmind requires a verification code any time an admin or staff member changes their own password or email address. This is enabled by default across all brands.
Updating password from account security
When you submit a password or email change, Upmind will send a 6-digit verification code to your current email address. The request won't go through until you enter that code.
Submit the password or email change as normal from My Account > Security.

Enter the 6-digit code you received in the verification field.
Submit again to complete the change.
If the code expires before you use it, restart the process to receive a new one.
Note: This verification step does not apply when an administrator changes another staff member's credentials. It only applies when you are changing your own.
Resetting password from login
Click Forgotten your password.

You will receive an email to reset your password. Click the link.

Now, when you try to reset your password, you will be prompted to enter your 2FA code.

Resetting 2FA after losing your authenticator
If you lose access to your authenticator app, another account administrator can reset your 2FA from the admin panel.
If no other administrator is available, send an email to support@upmind.com from the address registered on your Upmind account and the support team will help restore your access.
Enforcing email verification before checkout
You can require clients to verify their email address before they can place an order. This helps confirm contact information and reduces the risk of fraudulent orders.
How it works
The verification check applies at the start of the checkout process, and it does not block registration. Clients can register, return to their basket, and browse without verifying, but they must complete email verification before they can proceed to checkout.
To enable this setting
Go to Settings > Security under Branding and Customisation.

Enable Require a verified email to place an order.

During registration, clients will see a Verify step, though this is optional at that point, as they can click Back and continue browsing.
The moment they attempt to check out, verification becomes mandatory, and the only available action is to enter the code and continue.

