Audience: ERP Admin, IT Admin, MineralTree Admin
Summary: Reviews MineralTree's two-factor authentication functionality and setup.
The article covers the following topics:
- Two-factor authentication
- Setting up two-factor authentication
Two-factor authentication is available to MineralTree users both during login and during payment release. To mitigate the risk of fraud, companies are encouraged to utilize one or both of these features. Two-factor authentication must be enabled in one of these places for SilverGuard to remain active. Security settings are managed at the role level (i.e. Accounting Manager and Payment Authorizer). Additionally, two-factor authentication is required when users reset their passwords, and any time an administrator accesses the Customer Administrator Application.
Two delivery methods are supported:
- SMS message
- Voice calls
Initial setup of two-factor authentication will be completed during your MineralTree implementation process. If changes become necessary after the initial setup, MineralTree Administrators can access these settings in the Customer Administrator Application by going to Settings > Manage Company Settings and clicking on the Security Tab.
The Two Factor Authentication section on the Security Tab determines whether two-factor authentication codes will be sent during user login. Approver in this case refers to the Payment Authorizer.
In the example below, users with the Approver role AND the Accounting Manager role will be prompted to provide a security code during login.
The Two Factor Payment Verification section of the Security Tab determines whether two-factor authentication codes are sent to users at the time of payment release.
If you have a Payment Authorizer ("Approver"), they will be prompted to enter a security code when they submit a payment. If you do not have a Payment Authorizer, the Accounting Manager should have it enabled if you want to utilize this security feature.
Users can elect to receive codes either via SMS message or voice call. This setting is managed in the Customer Administrator Application discussed above under the Users Tab.
One primary phone number must be provided for each MineralTree user. Up to two additional phone numbers can be defined, and the two factor delivery preference of either SMS or voice can be defined for each number.
When two-factor authentication is triggered, the primary phone number is used. Users have the ability to select an alternate number for delivery from the list of enrolled numbers.