Two-factor authentication

Audience: ERP Admin, IT Admin, MineralTree Admin, Accounting Manager

Summary: Reviews MineralTree's two-factor authentication functionality and setup for SMS, Voice, and Authenticator App (for AM users and login only)

The article covers the following topics: 

Two-factor authentication

Two-factor authentication is available to MineralTree users both during login and during payment release. To mitigate the risk of fraud, companies are encouraged to utilize one or both of these features. Security settings are managed at the role level (i.e. Accounting Manager and Payment Authorizer). Additionally, two-factor authentication is required when users reset their passwords, and any time an administrator accesses the Customer Administrator Application.

Three delivery methods are supported:

  • SMS message
  • Voice calls
  • Authenticator App (Accounting Managers for login only)

Setting up two-factor authentication

Initial setup of two-factor authentication will be completed during your MineralTree implementation process. If changes become necessary after the initial setup, MineralTree Administrators can access these settings in the Customer Administrator Application by clicking on their initials and navigating to Company Settings.Screen_Shot_2022-01-11_at_9.52.50_AM.png


Two-factor authentication to sign in

The Two Factor Authentication section on the Security Tab determines whether two-factor authentication codes will be sent during user login. Approver in this case refers to the PaymentAuthorizer. 

In the example below, users with the Approver role AND the Accounting Manager role will be prompted to provide a security code during login.


Authenticator Application and Setup

What is an authenticator app? An authenticator application is installed on a smartphone and generates a 6-digit code every 30 seconds. The codes are generated from a secret key that is shared between MineralTree and your device. It is not tied to your phone number or SIM in any way making it more secure. MineralTree recommends downloading Google Authenticator or Authy from your smartphone's app store. Please note that the authenticator app is only used for accounting managers at this time and only for logging in - not payment release. 

How to use it. Once you've downloaded the application, you can set up authentication in the MineralTree platform. To do so click on your initials and Company Profile.


Next, click on Set Up Authenticator.Screen_Shot_2022-01-11_at_10.34.57_AM.png

Users can scan the presented QR code using an Authenticator App to link your Authenticator account to MineralTree. 


After scanning the QR code, you'll enter the 6-digit code from the authenticator app on your device.


Enter the code into the Authenticator Set Up page, and click Submit. From there, you'll be taken back to the Company Profile page, and MineralTree will be added to your Authenticator accounts on your device. 


Now when you log in, you'll be able to select this as an option per the instructions below

Two-factor authentication for payment release 

The Two Factor Payment Verification section of the Security Tab determines whether two-factor authentication codes are sent to users at the time of payment release.


If you have a Payment Authorizer ("Approver"), they will be prompted to enter a security code when they submit a payment. If you do not have a Payment Authorizer, the Accounting Manager should have it enabled if you want to utilize this security feature.


Note: Payment verification is only required from the last person handling the payment in the workflow. If a payment does not require Authorization, then the Accounting Manager will be prompted for verification. Accounting Managers will not be prompted for verification if a Payment Authorizer is required to Approve the payment. Take a look at the two Scenarios below to further your understanding!

Scenario A
Two Factor Payment Verification: Enabled for Payment Authorizer (Approver) and Accounting Manager
Payment Authorization Threshold: $50
Payment Amount: $10
Result: The Accounting Manager must verify two factor authentication because the Payment Authorizer will not receive the payment in their queue because $10 < $50 threshold.

Scenario B
Two Factor Payment Verification: Enabled for Payment Authorizer (Approver) and Accounting Manager
Payment Authorization Threshold: $50
Payment Amount: $100
Result: The Payment Authorizer must verify two factor authentication because the Accounting Manager will not need to verify as $100 > $50 threshold.

Two-factor delivery preferences

Users can elect to receive codes either via SMS message, voice call, or authenticator app. They can manage these preferences upon login by clicking on Change Security Method.



From there, they can select whichever option they choose.


Change phone number for two-factor authentication

A MineralTree Administrator can change a user's 2-factor authentication phone number by following these steps:

1. Navigate to Settings > Manage Company Settings

2. Click into the Manage Users tab

3. Click into the user you wish to change

4. Change their phone information and delivery preferences (SMS or Voice)


Was this article helpful?
1 out of 1 found this helpful



Article is closed for comments.