User Guide

Managing Simple MFA day to day

Everything you need to know about running Simple MFA on your store — managing customers, configuring policy, handling billing, and keeping things running after theme updates.

Managing customer accounts

The Customers section in the Simple MFA admin panel lets you look up any customer and manage their credentials and MFA status.

1. Looking up a customer

Go to Customers in the Simple MFA admin panel. Search by email address to find a customer. The result shows whether they have a local credential (password set), whether MFA is enrolled, and their last login activity.

2. Sending a password reset email

Open the customer drawer and click Send password reset email. The customer will receive an email with a secure link to set a new password. If the customer has never claimed their account, a magic link email is sent instead to guide them through first-time setup.

Admins cannot view or set customer passwords directly. All password changes go through the customer via email.

3. Disabling MFA for a customer

If a customer has lost access to their authenticator app and their backup codes, open their drawer in the Customers panel and click Disable MFA. This removes their enrolled TOTP factor. They can re-enrol on their next login.

This action is permanent — the customer will need to re-scan a QR code with their authenticator app to re-enrol.

Configuring MFA policy

Control how MFA is enforced across your store from the Settings panel.

Enforcement modes

Three modes are available under Settings → MFA policy:

  • Optional — customers are offered MFA setup after first login but can skip it. This is the default.
  • Required — customers must enrol in MFA before they can access the store. The skip button is hidden.
  • Disabled — MFA enrolment is not offered. Customers log in with password only.

Login page message

You can display a custom message on the Simple MFA login page — useful for communicating store policies or promotions. Set it under Settings → MFA policy → Login message. Maximum 200 characters. Leave blank to show no message.

Trusted devices

When a customer completes MFA login, they are offered the option to trust their current device for 30 days. On return visits from a trusted device, the customer skips the MFA step. This cannot be disabled — it is a core part of the customer experience to reduce friction for repeat visitors.

Customer self-service

Customers can manage their own MFA and password from the Security settings page in their store account area.

What customers can do themselves

Simple MFA adds a Security settings link to the customer account navigation. From that page, customers can:

  • Set up or remove their authenticator app
  • Generate new backup codes
  • Request a password reset email

Backup codes

When a customer enrols in MFA, they are given a set of one-time backup codes to save. If they lose access to their authenticator app, they can use a backup code at the MFA step to sign in. Codes are single-use. Customers can generate a fresh set from their Security settings page at any time — this invalidates all previous codes.
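
The backup-code rules described above (single use, and a fresh set invalidating all previous codes) can be modelled as follows. This is an added example, not Simple MFA's own code: the `BackupCodeStore` class, the code format and the ten-codes-per-set figure are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CODES_PER_SET = 10  # assumption: the guide does not state how many codes are issued


class BackupCodeStore:
    """Hypothetical in-memory model: customer id -> digests of unused codes."""

    def __init__(self) -> None:
        # Keyed hash: a leaked digest table alone is not enough to brute-force
        # the codes offline (assumes the key is stored separately in practice).
        self._key = secrets.token_bytes(32)
        self._unused: dict[str, set[bytes]] = {}

    def _digest(self, code: str) -> bytes:
        # Normalise what the customer types (case, hyphen, spaces) before hashing.
        canonical = code.replace("-", "").replace(" ", "").lower()
        return hmac.new(self._key, canonical.encode(), hashlib.sha256).digest()

    def generate(self, customer_id: str) -> list[str]:
        """Issue a fresh set; overwriting the old set invalidates all previous codes."""
        raw = [secrets.token_hex(5) for _ in range(CODES_PER_SET)]  # 40 random bits each
        codes = [f"{r[:5]}-{r[5:]}" for r in raw]
        self._unused[customer_id] = {self._digest(c) for c in codes}
        return codes  # shown to the customer once; only digests are kept

    def redeem(self, customer_id: str, code: str) -> bool:
        """Accept a code at the MFA step once; replaying it fails."""
        candidate = self._digest(code)
        unused = self._unused.get(customer_id, set())
        for stored in unused:
            if hmac.compare_digest(stored, candidate):  # constant-time comparison
                unused.remove(stored)  # consume on success: single use
                return True
        return False

    def remaining(self, customer_id: str) -> int:
        return len(self._unused.get(customer_id, ()))


if __name__ == "__main__":
    store = BackupCodeStore()
    old = store.generate("customer@example.com")  # constructed sample customer
    print(store.redeem("customer@example.com", old[0]))  # first use
    print(store.redeem("customer@example.com", old[0]))  # replay of the same code
    store.generate("customer@example.com")
    print(store.redeem("customer@example.com", old[1]))  # code from the replaced set
```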

What if a customer is completely locked out?

If a customer has lost both their authenticator app access and their backup codes, a store admin can disable MFA for them from the Customers panel in the Simple MFA admin. The customer can then log in with their password and re-enrol MFA on their next login.

After a theme update

BigCommerce theme updates overwrite edited files — including the login page template that Simple MFA requires.

What to check after updating your theme

After applying any theme update or switching to a new theme, check the Secure login page status in the Simple MFA admin panel (shown on the Overview page). If it shows Required rather than Active, the login page template has been overwritten and needs to be re-applied.

Click Apply now to re-apply automatically, or follow the manual steps shown in the panel.

What happens if I miss this?

If the login page template is not re-applied after a theme update, the native BigCommerce login form will be restored. Customers can still log in via Simple MFA through the intercepted login links, but a customer who navigates directly to /login/ could access the store without going through MFA. Re-apply the template as soon as possible to close this gap.

Usage and billing

Simple MFA bills based on the number of customers with a registered credential on your store.

How the free tier works

The first 200 credentials are free, with no time limit. Once your store exceeds 200 registered customers, new account claims are paused until you upgrade. Existing customers can still log in without interruption.

Paid plan pricing

Beyond 200 credentials, billing is metered at $12 per 100 credentials per month. Your credential count is snapshotted on the 1st of each month and that count determines your invoice for the month.

Managing your subscription

Upgrade, update payment details, or view invoices from the Usage section on the Simple MFA admin Overview page. Billing is handled securely via Stripe — Simple MFA never stores payment card details.
