Follow the steps below to add MFA to your BigCommerce storefront. Most steps take minutes — one requires a small theme file change that any developer can complete quickly if needed.
Before you start
Make sure you have the following in place before installing.
Installation
Find Simple MFA in the BigCommerce App Marketplace and click Install. You'll be redirected through BigCommerce's OAuth flow, which grants Simple MFA the permissions it needs to create customer login sessions. No API keys or manual configuration required.
Permissions requested: read customer accounts, read store information, issue customer login tokens.
After installing, you'll be taken to the Simple MFA admin panel inside BigCommerce. A short setup checklist walks you through:
To fully secure your storefront, the native BigCommerce login page needs to be replaced. Without this change, a customer who navigates directly to /login/ could bypass Simple MFA entirely.
In the Simple MFA admin panel, go to Setup → Theme file. You'll find the complete replacement content for your theme's templates/pages/auth/login.html file. Copy the content and replace the existing file in your theme using the BigCommerce Theme Editor or by editing your theme files directly.
In the Simple MFA admin panel, go to Setup → Script tag. You'll see a pre-generated script snippet specific to your store. Copy the entire snippet — you'll paste it into BigCommerce in the next step.
In your BigCommerce admin, go to Storefront → Script Manager and click Create a Script. Configure it as follows:
Paste the script snippet into the Script contents field and click Save.
Open your storefront in a private/incognito browser window and click the account login link. You should be redirected to the Simple MFA login page instead of the standard BigCommerce login.
Enter the email address of your test customer. You'll receive a magic link email — click it to set a password and complete the account claim. Then test logging in with that password, and optionally enrol in TOTP MFA.
Simple MFA is now live for all customers on your storefront. The account claim flow is automatic and self-service — customers will be guided through setting their password on their first login.
Optionally, send your customers a heads-up email explaining that your login process has been upgraded for their security. This reduces confusion and support requests when they encounter the new login page for the first time.
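To confirm that the theme file change closed the direct /login/ route described above, this added example (not Simple MFA's or BigCommerce's own code) scans a login page for a password form that still posts to the storefront's native login endpoint. The endpoint string `/login.php?action=check_login`, the function names and both sample pages are assumptions constructed for illustration; adjust the endpoint to whatever your theme's original login form used.

```python
import urllib.request
from html.parser import HTMLParser

# Assumption: the stock theme's login form posts to this endpoint.
NATIVE_ACTION = "/login.php?action=check_login"

class FormScan(HTMLParser):
    """Record every <form>: its action and whether it holds a password input."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def native_login_exposed(html):
    """True if the page still serves a password form posting to the native endpoint."""
    scan = FormScan()
    scan.feed(html)
    return any(f["password"] and NATIVE_ACTION in f["action"] for f in scan.forms)

def check_store(base_url):
    """Fetch /login/ directly (no JavaScript runs) and scan what the theme returns."""
    with urllib.request.urlopen(base_url.rstrip("/") + "/login/", timeout=10) as r:
        return native_login_exposed(r.read().decode("utf-8", "replace"))

# Constructed samples, not real store output or Simple MFA's template.
STOCK_PAGE = """<form class="login-form" action="/login.php?action=check_login" method="post">
  <input type="email" name="login_email">
  <input type="password" name="login_pass">
</form>"""
REPLACED_PAGE = """<p>Redirecting to secure sign-in...</p>
<form action="/search.php"><input type="text" name="search_query"></form>"""

if __name__ == "__main__":
    for name, page in (("stock", STOCK_PAGE), ("replaced", REPLACED_PAGE)):
        print(name, "native login exposed:", native_login_exposed(page))
```

Call `check_store()` with your own storefront's base URL after replacing the theme file; a `True` result means the native login form is still being served at /login/ and the replacement template is not in effect.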
Troubleshooting
Check that the script tag is saved correctly in Script Manager and set to load on All pages in the Footer. Clear your browser cache and try again in a fresh private window. If the issue persists, copy the script tag again from the Simple MFA admin panel — it may have been accidentally truncated when pasting.
Check the spam/junk folder first. If it's not there, verify that the email address exists as a customer in your BigCommerce admin. For new stores in early access, there may be a short delay on the first email send. If the problem persists, contact [email protected].
This usually means the store_v2_customers_login permission scope is missing from the app installation. Try uninstalling and reinstalling Simple MFA from the BigCommerce App Marketplace to re-trigger the OAuth flow with the correct scopes.
Email [email protected] and we'll get back to you. During early access, support is handled directly by the founder.