
Account Security Best Practices

Keep your Shifton account and company data secure by following these recommendations.


Strong Password

Use a strong password: at least 8 characters, combining uppercase and lowercase letters, digits, and symbols. Never reuse passwords from other services.

To change your password: go to company name → My Profile → Security / Password tab, enter your current password, then create a new one.


Phone Number Verification

Verify your phone number — it is required for SMS-based password recovery and adds a second recovery method to your account.

1. Go to company name → My Profile.
2. Find the Phone Number field. Enter your number in international format (e.g. +1 555 123 4567).
3. Click the blue checkmark icon next to it.
4. Enter the SMS confirmation code and click the checkmark to confirm.
5. A green checkmark indicates your phone is verified.

Always keep your verified phone number current. If your number changes, update it in your profile immediately.


Managing Administrator Access

Regularly review who has Administrator access. Only give admin rights to staff who truly need full access.

To change a role to Administrator:
1. Go to Employees (People icon).
2. Find the employee and click their current role badge in the Permission Level column.
3. Select Administrator from the dropdown.

To assign the Manager role:
1. Go to Scheduling → Projects, click the pencil icon on the project.
2. Set the employee as manager and save.
3. A manager’s access is limited to that specific project — they cannot see or edit other projects.

Remove Administrator access from employees who have changed roles or left the company.


When an Employee Leaves

Dismiss the employee immediately to revoke their access to all company data:

People → ✕ → Dismiss — set the correct dismissal date.


If You Suspect Unauthorized Access

1. Change your password immediately: go to company name → My Profile → Security / Password tab.
2. Review Administrator access: check the Permission Level column in the Employees list. Remove access from any unrecognized accounts.
3. Review Activity Logs: go to company name → Logs to see recent actions and changes.
4. Contact Shifton Support if you suspect a security breach.

Activity Log

The Activity Log records key actions in your company account:
– Shift changes
– Employee additions and removals
– Permission changes
– Settings modifications

Each log entry shows: date and time, which user performed the action, what was changed (old and new value), and the affected employee or entity.

To access: company name → Logs (availability may depend on your subscription plan).


Role Overview

Role | Access Level
Owner | Full access, including billing. One per company.
Administrator | Full access to schedules, employees, modules, reports. No access to Company Settings or billing.
Manager | Project-level access only — cannot see or edit other projects.
Employee | Own schedule only by default. Permissions can be expanded per-schedule.

Employee permissions can be expanded per schedule (e.g. allow viewing others’ shifts, shift swapping, creating own shifts) — configured in the schedule’s Basic Information settings.



FAQ

A: Shifton supports phone number verification as a second factor. Go to My Profile → Phone Number field → enter your number and confirm with an SMS code.

Q: An employee was fired but we forgot to revoke access immediately — what should I do?
A: Immediately dismiss them via People → Dismiss. After that, the employee loses access. Review the Activity Log for any suspicious actions.

Q: Can the Owner transfer their rights to another user?
A: No. The Owner role is unique and cannot be transferred through the regular interface. Contact support for an Owner account change.

Q: How do I check who last accessed the account?
A: The Activity Log does not record login (authentication) events. Use the activity log to audit actions within the system.

Q: Can I restrict login by IP address?
A: No. Shifton does not provide IP-based login restriction or whitelisting.

Q: How do I protect data when dismissing an administrator?
A: 1. Change passwords for key accounts; 2. Revoke the dismissed employee’s Administrator rights; 3. Review API keys and integrations — disable unnecessary ones.

Q: Is there a log of failed login attempts?
A: No. Shifton does not record failed authorization attempts in an accessible log.

Q: Is data encrypted in Shifton?
A: Yes. Data is transmitted over HTTPS (TLS) and stored on encrypted infrastructure in the EU.

Q: Can employees see each other’s salaries?
A: No. Salary data is visible only to Administrator, Owner, and the employee themselves (if the corresponding setting is enabled in Salary Settings).

Q: How often should I change the administrator password?
A: It is recommended to change the password every 3–6 months, or immediately if a compromise is suspected.

Q: What is the “Support access toggle” — is it safe to enable?
A: Shifton support does not make changes to your account — they only provide guidance during demo calls with screen sharing. There is no support access toggle.

Q: Can a Manager see data from another project?
A: No. A Manager can only see the project(s) they are assigned to manage. Data from other projects is not accessible to them.

Q: How do I log out of Shifton on all devices?
A: Change your password — this will terminate active sessions on other devices. Or contact support for a forced logout.

Q: Can I set a company-wide password complexity policy?
A: No. Shifton applies general password requirements (minimum length, character combination), but per-company settings are not available.

Q: Are passwords stored in plain text?
A: No. Passwords are stored in hashed form — even the support team has no access to them.

Q: Where is Shifton data stored — in which region?
A: Data is stored on encrypted infrastructure in the EU. Contact support for details.