Setting up two-factor authentication (MFA)

Setting up two-factor authentication (MFA)

MFA (multi-factor authentication) protects your Shiftdesk account even if your password ever falls into the wrong hands. At login, Shiftdesk additionally asks for a one-time code from your authenticator app.

Requirements

You need a TOTP-capable app on your smartphone. Recommended:

  • Google Authenticator (iOS / Android)
  • Microsoft Authenticator
  • Authy
  • 1Password or Bitwarden (with TOTP function)

Step-by-step setup

  1. Go to Account β†’ Security β†’ Two-factor authentication.
  2. Click Enable MFA.
  3. Scan the displayed QR code with your authenticator app. Alternatively, you can enter the setup key manually.
  4. Enter the 6-digit code from the app to confirm the connection.
  5. Click Enable.

Saving backup codes

Right after activation, Shiftdesk shows you 10 single-use backup codes. You'll need these if you lose your smartphone.

> Important: Save the codes immediately in a secure place β€” e.g. in a password manager or printed out in a safe. Each code works exactly once.

Logging in with MFA

The next time you sign in:

  1. Enter your email and password as usual.
  2. Shiftdesk asks for the 6-digit code from your app.
  3. Enter the code, done.

Lost your smartphone?

  1. On the login page, click Sign in with backup code.
  2. Enter one of your saved backup codes.
  3. After logging in: Go to Account β†’ Security and set up MFA again with a new device.
If you've also run out of backup codes, contact your Shiftdesk administrator. They can reset MFA for your account β€” you then have to re-authenticate.

Enforcing MFA for everyone

As an admin, you can enable mandatory MFA for all employees under Settings β†’ Security. Employees without MFA are then required to set it up at their next login.

Previous article

Creating API keys for external systems

Next article

Custom employee fields

Related articles

Creating API keys for external systems

With API keys, external systems β€” such as your POS system, a BI tool, or your own script β€” can access Shiftdesk data. Each key receives precisely defined **scopes**, so you can keep access as narrow as possible.

Managing locations

Locations are the top level of your organization structure in Shiftdesk. Each location has its own address, time zone, and a country and state β€” these values affect clock-in/out times, reports, and the automatic public holiday import.

Setting up departments and teams

Shiftdesk structures your organization into three levels: **Location β†’ Department β†’ Team**. This hierarchy helps you plan shifts clearly, assign permissions cleanly, and run targeted reports.

Importing and managing public holidays

Public holidays serve two important functions in Shiftdesk: by default they block scheduling (in line with **ArbZG Β§ 9**, rest on Sundays and public holidays) and they activate **public holiday surcharges** via the rate cards.

Still have questions?

Can't find what you're looking for? Get in touch β€” we're happy to help personally.

Try Shiftdesk for free
Setting up two-factor authentication (MFA) Β· Knowledge base | Shiftdesk