What is two-factor authentication (2FA)?
The two-factor authentication protects your SupplyOn account against unauthorized use. In addition to the user name and password, a one-time password is also used for logging in, which you receive each time you log in with the help of a so-called authenticator (password generator). This authenticator can either be a plugin in your browser, an app on your cell phone or a utility program on your computer.
The SupplyOn solutions are increasingly being used by customers for processing data classified as “Confidential” in accordance to their classification guides. This situation rises the need for additional security measures both for the customer and suppliers, in order to ensure that the access to this data is correctly controlled and protected.
As a result, the new functionality “two-factor authentication” has been introduced in the SupplyOn Portal for the login of customer and supplier users. We ask you to implement this functionality for your users, to meet the security requirements for data treatment. You may already be familiar with the two-factor authentication process from other services that also require a secure access, such as online banking.
Here you can find information on the two-factor authentication functionality for logging in to the SupplyOn Platform, how you can implement it and answers to frequently asked questions on this topic.
On this portal you will find information related to the two-factor authentication functionality: which are the prerequisites for its implementation for your users and the steps that you need to follow in order to implement it. These steps differ if you have an admin user or a regular user, these two cases are explained in the following subsections.
Regular users
When logging in to SupplyOn via the two-factor authentication, a one-time password is required in addition to the username and password. The one-time password is generated with an authenticator (one-time password generator).
- First you need to activate the two-factor authentication. After that, you can use the two-factor authentication for login.
- Prerequisites to activate the two-factor authentication as regular user
An authenticator must be installed by the SupplyOn user to log in with the two-factor authentication. An authenticator can be installed as:- a plugin in your browser
- an app on your cell phone
- a utility on your computer
Activate your user
- After a SupplyOn User Administrator has enabled the two-factor authentication for their login, the user must activate it.
- Log in to the SupplyOn portal using your user ID and password.
- Scan the QR code with your authenticator. If needed, confirm the addition of the SupplyOn token to the authenticator.
- Our Tip: when you are in this step, scan the QR code with multiple authenticators (in your phone and in your browser for example) so that you have more than one option for log in, in case you misplace your device or have no access from your own laptop.
- Create a one-time password (OTP) with the authenticator and enter it in the one-time password field. Click on “Activate two-factor authentication”.
- The two-factor authentication is activated for the user.
Login with two-factor authentication
- After the two-factor authentication is activated, it is applied at each login. For each login a new one-time password is required.
- Log in to the SupplyOn platform using your user ID and password.
- Create a one-time password with the authenticator and enter it in the one-time password field. Click login.
- You are logged in to SupplyOn .
Recommended authenticators
To use two-factor authentication for your SupplyOn account, you can select any authenticator that is based on the popular technical standard “ OATH TOTP. ” If you are already using an authenticator, you can also use it to access SupplyOn and do not need any new software.
Our tip: Activate two-factor authentication for both your browser and your smartphone at the same time.
To do this, please scan the same QR code on both devices. This will enable you to log into SupplyOn even if one of your devices is malfunctioning or not available.
SupplyOn recommends the following authenticators:
Browser plug-ins ( SupplyOn recommendation)
- Google Chrome authenticator plug-in
- Mozilla Firefox authenticator plug-in
- Microsoft Edge authenticator plug-in
Smartphones
- Android: Microsoft Authenticator, FreeOTP
- iOS: Microsoft Authenticator, FreeOTP
Computer utility apps for Windows
- WinAuth
If your company does not permit the use of any of the authenticators recommended by SupplyOn , you can ask the IT experts at your company to help you select a suitable authenticator.