Documentation

Multi-Factor Authentication


At a Glance

  • ShelfSpace MFA setup supports three methods: SMS, TOTP app, and email
  • Every user is prompted to enable MFA during account creation
  • MFA protects financial data, payment workflows, and vendor relationships
  • Required for cannabis compliance in many regulated markets

ShelfSpace MFA Setup and Options

ShelfSpace MFA setup is part of every new account creation. When a user accepts an invitation and creates their account, we prompt them to enable multi-factor authentication before they access the platform for the first time. MFA adds a second verification step beyond the password, which protects your dispensary's financial data even if a password is compromised.

In cannabis, MFA is not just a best practice — it is increasingly a compliance expectation. Regulators and auditors want to know that access to financial systems, vendor payment data, and inventory records is protected by more than a password. ShelfSpace makes MFA easy to set up so your team has no reason to skip it.

What we handle: We provide the MFA infrastructure, guide each user through setup, and enforce the second factor on every login. You do not need to manage tokens, certificates, or third-party security tools.

MFA Methods

ShelfSpace supports three multi-factor authentication methods. Each user can choose the one that works best for them: SMS, a TOTP app, or email.

Why MFA Matters for Cannabis Compliance

Cannabis dispensaries handle sensitive data: vendor payment amounts, bank account details, inventory counts tied to state-tracked packages, and employee access logs. A compromised account could expose all of this. MFA ensures that even if someone obtains a user's password through phishing or a data breach elsewhere, they still cannot access your ShelfSpace account without the second factor.

During audits, regulators may ask how you protect access to your financial systems. MFA is a concrete control you can point to. Combined with role-based permissions and immutable audit logging, it forms a strong security posture that satisfies most compliance frameworks.

Managing MFA for Your Team

Admins can see which users on their team have MFA enabled. If a team member loses access to their MFA method — a lost phone, for example — an admin can request a reset through ShelfSpace support. We verify the request and re-enable the setup flow for that user.

For organizations that want to enforce MFA across all accounts, we can configure your ShelfSpace instance to require it. This means no user can access the platform without completing MFA setup first. Combined with the security infrastructure we have in place, this keeps your operation locked down without adding friction to daily workflows.
